Date: Thu, 14 Mar 2002 06:10:25 +0100 From: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE> To: Jason Stone <jason-fbsd-security@shalott.net> Cc: security@FreeBSD.ORG Subject: Re: sshd UseLogin option Message-ID: <20020314051025.GA350@frolic.no-support.loc>
next in thread | raw e-mail | index | archive | help
>> And additionally to that, why is the environment variable MAIL hardcoded
>> to /var/mail/${logname} (or _PATH_MAILDIR/${logname}) in session.c
>> although setusercontext() is used? Crap!
>
>the CheckMail option in sshd is deprecated (I think that it actually
>generates an error in 3.1, the current version) and should not be used
>anymore.
It's not just for the CheckMail option, but the MAIL variable ends up
in the users environment for the session. Normally the admin would have
configured an appropriate environment via login.conf, so no dealing
with shell specific files or, even worse, no telling the user what
variable he has to set. And if a user doesn't start a normal shell
session, but directly fires up his (X11 based) MUA with that wrong
MAIL var.
-Bj=F6rn
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020314051025.GA350>