Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 27 Feb 2004 02:09:22 +0300
From:      Andrey Chernov <ache@nagual.pp.ru>
To:        kientzle@acm.org
Cc:        das@FreeBSD.ORG
Subject:   Re: Environment Poisoning and login -p
Message-ID:  <20040226230921.GD73252@nagual.pp.ru>
In-Reply-To: <403E7B4D.8030803@kientzle.com>
References:  <403CEF67.5040004@kientzle.com> <20040226225149.GB73252@nagual.pp.ru> <403E7B4D.8030803@kientzle.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Feb 26, 2004 at 03:03:41PM -0800, Tim Kientzle wrote:
> Instead, I've decided to follow Jacques Vidrine's
> suggestion of using a whitelist of environment variables
> that are "known-safe."

Well, I agree with that too, if it will be big enough. At least don't
forget about putting LANG and LC_* there.

-- 
Andrey Chernov | http://ache.pp.ru/



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040226230921.GD73252>