From owner-cvs-user  Fri Oct 20 10:23:44 1995
Return-Path: owner-cvs-user
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id KAA11312
          for cvs-user-outgoing; Fri, 20 Oct 1995 10:23:44 -0700
Received: from aslan.cdrom.com (aslan.cdrom.com [192.216.223.142])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id KAA11307
          ; Fri, 20 Oct 1995 10:23:39 -0700
Received: from localhost.cdrom.com (localhost.cdrom.com [127.0.0.1]) by aslan.cdrom.com (8.6.12/8.6.9) with SMTP id KAA09542; Fri, 20 Oct 1995 10:23:24 -0700
Message-Id: <199510201723.KAA09542@aslan.cdrom.com>
X-Authentication-Warning: aslan.cdrom.com: Host localhost.cdrom.com didn't use HELO protocol
To: "Andrey A. Chernov" <ache@freefall.freebsd.org>
cc: CVS-commiters@freefall.freebsd.org, cvs-user@freefall.freebsd.org
Subject: Re: cvs commit: src/secure/libexec/telnetd sys_term.c 
In-reply-to: Your message of "Fri, 20 Oct 1995 10:17:00 PDT."
             <199510201717.KAA11071@freefall.freebsd.org> 
Date: Fri, 20 Oct 1995 10:23:24 -0700
From: "Justin T. Gibbs" <gibbs@freefall.freebsd.org>
Sender: owner-cvs-user@FreeBSD.org
Precedence: bulk

>ache        95/10/20 10:16:59
>
>  Modified:    secure/libexec/telnetd  sys_term.c
>  Log:
>  Don't allow LD_* env. variables to be tricked
>  Submitted by: Sam Hartman <hartmans@mit.edu>

I think that it should *only* exclude the variables that cause
the vulnerability.  Just because I choose to use a variable
called LD_MY_TERMINAL_IS_BLUE doesn't mean I should get burned.
--
Justin T. Gibbs
===========================================
  Software Developer - Walnut Creek CDROM
  FreeBSD: Turning PCs into workstations
===========================================