Date: Fri, 27 Feb 2004 14:27:00 +0300 From: Andrey Chernov <ache@nagual.pp.ru> To: D J Hawkey Jr <hawkeyd@visi.com> Cc: kientzle@acm.org Subject: Re: Environment Poisoning and login -p Message-ID: <20040227112658.GA36271@nagual.pp.ru> In-Reply-To: <20040227111353.GA14777@sheol.localdomain> References: <403CEF67.5040004@kientzle.com> <20040226225149.GB73252@nagual.pp.ru> <403E7B4D.8030803@kientzle.com> <20040227111353.GA14777@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Feb 27, 2004 at 05:13:53AM -0600, D J Hawkey Jr wrote: > > Instead, I've decided to follow Jacques Vidrine's > > suggestion of using a whitelist of environment variables > > that are "known-safe." > > Coming in from left field... Will there be some sort of mechanism for > an admin to set/modify this list? I agree we'll need it (because of different assumptions). Something like /etc/safe_environment file. -- Andrey Chernov | http://ache.pp.ru/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040227112658.GA36271>