Date: Thu, 14 Mar 2002 06:10:25 +0100 From: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE> To: Jason Stone <jason-fbsd-security@shalott.net> Cc: security@FreeBSD.ORG Subject: Re: sshd UseLogin option Message-ID: <20020314051025.GA350@frolic.no-support.loc>
next in thread | raw e-mail | index | archive | help
>> And additionally to that, why is the environment variable MAIL hardcoded >> to /var/mail/${logname} (or _PATH_MAILDIR/${logname}) in session.c >> although setusercontext() is used? Crap! > >the CheckMail option in sshd is deprecated (I think that it actually >generates an error in 3.1, the current version) and should not be used >anymore. It's not just for the CheckMail option, but the MAIL variable ends up in the users environment for the session. Normally the admin would have configured an appropriate environment via login.conf, so no dealing with shell specific files or, even worse, no telling the user what variable he has to set. And if a user doesn't start a normal shell session, but directly fires up his (X11 based) MUA with that wrong MAIL var. -Bj=F6rn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020314051025.GA350>