From owner-freebsd-security  Fri Sep  8  2:56:15 2000
Delivered-To: freebsd-security@freebsd.org
Received: from zeta.qmw.ac.uk (zeta.qmw.ac.uk [138.37.6.6])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5CB3837B424; Fri,  8 Sep 2000 02:56:09 -0700 (PDT)
Received: from xi.css.qmw.ac.uk ([138.37.8.11])
	by zeta.qmw.ac.uk with esmtp (Exim 3.02 #1)
	id 13XKry-00001i-00; Fri, 08 Sep 2000 10:54:50 +0100
Received: from cgaa180 by xi.css.qmw.ac.uk with local (Exim 1.92 #1)
	id 13XKrz-00050c-00; Fri, 8 Sep 2000 10:54:51 +0100
X-Mailer: exmh version 2.0.2 2/24/98
To: "Todd C. Miller" <Todd.Miller@courtesan.com>
Cc: "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz>,
	"Andrey A. Chernov" <ache@nagual.pp.ru>,
	Warner Losh <imp@village.org>, Kris Kennaway <kris@FreeBSD.ORG>,
	freebsd-security@FreeBSD.ORG, security-officer@FreeBSD.ORG
Subject: Re: UNIX locale format string vulnerability (fwd) 
In-reply-to: Your message of "Thu, 07 Sep 2000 16:15:55 MDT."
             <200009072215.e87MFtQ24652@xerxes.courtesan.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 08 Sep 2000 10:54:50 +0100
From: David Pick <D.M.Pick@qmw.ac.uk>
Message-Id: <E13XKrz-00050c-00@xi.css.qmw.ac.uk>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


> Sudo already discards the following:
>     IFS
>     LOCALDOMAIN
>     RES_OPTIONS
>     HOSTALIASES
>     LD_*
>     _RLD*
>     SHLIB_PATH
>     LIBPATH
>     KRB_CONF
>     KRB5_CONFIG
>     ENV
>     BASH_ENV

A fair list of not-obviously-related environment variables. (Puts
on thinking cap and makes a correlation with packet filter rules.)
It would be *much* safer to adopt a "deny all and only allow a
list of variables that are known to be safe and wanted" approach
rather than a "block the ones we know are unsafe and miss blocking
a few we don't know about".

-- 
	David Pick



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message