From owner-freebsd-security  Thu Sep  7 15:16:28 2000
Delivered-To: freebsd-security@freebsd.org
Received: from xerxes.courtesan.com (64-6-178-150.den1.phoenixdsl.net [64.6.178.150])
	by hub.freebsd.org (Postfix) with ESMTP
	id BD13937B42C; Thu,  7 Sep 2000 15:16:25 -0700 (PDT)
Received: from xerxes.courtesan.com (millert@localhost)
	by xerxes.courtesan.com (8.10.1/8.10.1) with ESMTP id e87MFtQ24652;
	Thu, 7 Sep 2000 16:15:55 -0600 (MDT)
Message-Id: <200009072215.e87MFtQ24652@xerxes.courtesan.com>
To: "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz>
Cc: "Andrey A. Chernov" <ache@nagual.pp.ru>,
	"Todd C. Miller" <Todd.Miller@courtesan.com>,
	Warner Losh <imp@village.org>, Kris Kennaway <kris@FreeBSD.ORG>,
	freebsd-security@FreeBSD.ORG, security-officer@FreeBSD.ORG
Subject: Re: UNIX locale format string vulnerability (fwd) 
In-reply-to: Your message of "Fri, 08 Sep 2000 00:13:21 +0200."
             <Pine.GSO.4.10.10009072356220.845-100000@nenya.ms.mff.cuni.cz> 
References: <Pine.GSO.4.10.10009072356220.845-100000@nenya.ms.mff.cuni.cz> 
Date: Thu, 07 Sep 2000 16:15:55 -0600
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Sudo already discards the following:
    IFS
    LOCALDOMAIN
    RES_OPTIONS
    HOSTALIASES
    LD_*
    _RLD*
    SHLIB_PATH
    LIBPATH
    KRB_CONF
    KRB5_CONFIG
    ENV
    BASH_ENV

 - todd


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message