Date: Fri, 27 Feb 2004 05:13:53 -0600
From: D J Hawkey Jr
To: kientzle@acm.org
cc: Andrey Chernov
cc: das@freebsd.org
cc: freebsd-security@freebsd.org
Subject: Re: Environment Poisoning and login -p
Message-ID: <20040227111353.GA14777@sheol.localdomain>
References: <403CEF67.5040004@kientzle.com> <20040226225149.GB73252@nagual.pp.ru> <403E7B4D.8030803@kientzle.com>
In-Reply-To: <403E7B4D.8030803@kientzle.com>

On Feb 26, at 03:03 PM, Tim Kientzle wrote:
>
> Andrey Chernov wrote:
> >On Wed, Feb 25, 2004 at 10:54:31AM -0800, Tim Kientzle wrote:
> >
> >>Possible fix: Have login unconditionally discard LD_LIBRARY_PATH
> >>and LD_PRELOAD from the environment, even if "-p" is specified.
> >
> >Yes! It is what I say from very beginning. It is so obvious that I wonder
> >why others not see it first.
>
> Instead, I've decided to follow Jacques Vidrine's
> suggestion of using a whitelist of environment variables
> that are "known-safe."

Coming in from left field...

Will there be some sort of mechanism for an admin to set/modify this
list?

Runs, ducking,
Dave

-- 
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/
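
The whitelist approach mentioned in the quoted text, sketched in C as an added example; it is not part of this message and is not FreeBSD's login code. The names safe_vars, has_name and filter_env and the contents of the list are assumptions made for the illustration, and the list is taken as a parameter so the caller decides where it comes from.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allowlist for this example; not the list FreeBSD login uses. */
static const char *const safe_vars[] = { "TERM", "LANG", "TZ", NULL };

/* 1 if entry is exactly "name=..."; "TERMCAP=x" does not match "TERM". */
static int has_name(const char *entry, const char *name)
{
    size_t n = strlen(name);
    return n != 0 && strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Copy pointers to allowed entries into a new NULL-terminated array.
 * Returns NULL on allocation failure; caller frees only the array. */
char **filter_env(char *const envp[], const char *const *allow, size_t *kept)
{
    size_t total = 0, k = 0, i, j;
    const char *const *a;
    char **out;
    while (envp[total] != NULL)
        total++;
    if ((out = calloc(total + 1, sizeof(*out))) == NULL)
        return NULL;
    for (i = 0; i < total; i++) {
        for (a = allow; *a != NULL && !has_name(envp[i], *a); a++)
            ;
        if (*a == NULL)
            continue;               /* not on the allowlist: drop */
        for (j = 0; j < k && !has_name(out[j], *a); j++)
            ;
        if (j == k)                 /* first entry with this name: keep */
            out[k++] = envp[i];
    }
    *kept = k;
    return out;
}

int main(void)
{
    /* Constructed sample environment, not taken from the thread. */
    char *env[] = { "TERM=xterm", "LD_PRELOAD=/tmp/x.so", "TERMCAP=x", "TERM=dup", NULL };
    size_t n = 0, i;
    char **out = filter_env(env, safe_vars, &n);
    for (i = 0; out != NULL && i < n; i++)
        puts(out[i]);
    free(out);
    return 0;
}
```

Unlike a discard list naming only LD_LIBRARY_PATH and LD_PRELOAD, this drops every variable not explicitly listed, along with malformed entries and repeated copies of an allowed name.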