From owner-freebsd-ports  Mon Aug  4 14:52:21 1997
Return-Path: <owner-freebsd-ports>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id OAA00177
          for ports-outgoing; Mon, 4 Aug 1997 14:52:21 -0700 (PDT)
Received: from sax.sax.de (sax.sax.de [193.175.26.33])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id OAA00172;
          Mon, 4 Aug 1997 14:52:18 -0700 (PDT)
Received: (from uucp@localhost) by sax.sax.de (8.6.12/8.6.12-s1) with UUCP id XAA20267; Mon, 4 Aug 1997 23:52:10 +0200
Received: (from j@localhost)
	by uriah.heep.sax.de (8.8.5/8.8.5) id XAA13283;
	Mon, 4 Aug 1997 23:50:33 +0200 (MET DST)
Message-ID: <19970804235032.NS48816@uriah.heep.sax.de>
Date: Mon, 4 Aug 1997 23:50:32 +0200
From: j@uriah.heep.sax.de (J Wunsch)
To: marcs@znep.com (Marc Slemko)
Cc: freebsd@atipa.com (Atipa), jonz@netrail.net (Jonathan A. Zdziarski),
        ports@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: SetUID
References: <Pine.BSF.3.91.970804145336.11294A-100000@dot.ishiboo.com> <Pine.BSF.3.95.970804150403.27439W-100000@alive.znep.com>
X-Mailer: Mutt 0.60_p2-3,5,8-9
Mime-Version: 1.0
X-Phone: +49-351-2012 669
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F  93 21 E0 7D F9 12 D6 4E
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
In-Reply-To: <Pine.BSF.3.95.970804150403.27439W-100000@alive.znep.com>; from Marc Slemko on Aug 4, 1997 15:07:36 -0600
Sender: owner-freebsd-ports@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

As Marc Slemko wrote:

> You are being very naive.  You can do an awful lot with environment
> variables.  What would happen if you set ENV before running your wrapper?
> /bin/sh would see it and execute whatever is in the file it points to.

No longer.  $ENV should only be evaluated for interactive shells.
Recent versions of FreeBSD's /bin/sh handle it this way (but probably
not the version of the guy who's been asking here).

> What if you set one of a couple of LD_* environment variables?  The loader
> would see them and use whatever they point to.

But that's a right point, indeed.  The loader will ignore these
variables for the wrapper, but not for the called executables.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)