Date: Sun, 17 Feb 2019 22:56:55 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 235792] cron(8) does not respect login.conf environment vars Message-ID: <bug-235792-227-rYC8kJHwO1@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-235792-227@https.bugs.freebsd.org/bugzilla/> References: <bug-235792-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D235792 --- Comment #2 from andrew@tao11.riddles.org.uk --- (In reply to Bob Bishop from comment #1) There's more to security than blowing away the environment everywhere; it's also important to allow necessary settings to be made in a centralized and trusted place. Back in the day (I've been using Unix in one form or another for 30+ years = and admining it for 25+, I'm not new at this) when environment variables were things you set in commands in your .profile, it was reasonable for cron to ignore that and start from scratch. But the existence of login.conf changes that logic. My argument is that the POLA violation goes the other way: that any time th= at values in login.conf are *not* respected is surprising. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-235792-227-rYC8kJHwO1>