From owner-freebsd-security Tue Nov 14 21:14:27 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id VAA13169 for security-outgoing; Tue, 14 Nov 1995 21:14:27 -0800
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id VAA13125 ; Tue, 14 Nov 1995 21:14:07 -0800
Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id QAA19112; Wed, 15 Nov 1995 16:10:04 +1100
Date: Wed, 15 Nov 1995 16:10:04 +1100
From: Bruce Evans
Message-Id: <199511150510.QAA19112@godzilla.zeta.org.au>
To: davidg@Root.COM, peter@jhome.dialix.com
Subject: Re: cvs commit: CVSROOT log_accum.pl
Cc: ache@astral.msk.su, committers@freebsd.org, security@freebsd.org
Sender: owner-security@freebsd.org
Precedence: bulk

>>IMHO, having a child process being able to modify the parent's
>>environment goes against the unix religion^H^H^H^H^H^H^Hphilosophy of
>>inherited privilege.

> Which is why we should restrict it to the session leader.

That would go against the religion that root can do anything :-).

This problem is a bit like the one with RLIMIT_NPROC. It's bogus for the
limit to be in the proc struct since that allows children to modify the
parent's capability of spawning processes.

Bruce