Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 26 Feb 2004 15:03:41 -0800
From:      Tim Kientzle <tim@kientzle.com>
To:        Andrey Chernov <ache@nagual.pp.ru>
Cc:        kientzle@acm.org
Subject:   Re: Environment Poisoning and login -p
Message-ID:  <403E7B4D.8030803@kientzle.com>
In-Reply-To: <20040226225149.GB73252@nagual.pp.ru>
References:  <403CEF67.5040004@kientzle.com> <20040226225149.GB73252@nagual.pp.ru>

next in thread | previous in thread | raw e-mail | index | archive | help
Andrey Chernov wrote:
> On Wed, Feb 25, 2004 at 10:54:31AM -0800, Tim Kientzle wrote:
> 
>>Possible fix:  Have login unconditionally discard LD_LIBRARY_PATH
>>and LD_PRELOAD from the environment, even if "-p" is specified.
> 
> Yes! It is what I say from very beginning. It is so obvious that I wonder 
> why others not see it first.

It is obvious, it's just not very safe.  In general,
blacklist approaches are pretty poor; it's
hard to make sure you've caught everything
and future changes to other parts of the system
can easily open new problems.

Instead, I've decided to follow Jacques Vidrine's
suggestion of using a whitelist of environment variables
that are "known-safe."

Tim Kientzle



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?403E7B4D.8030803>