Re: Environment Poisoning and login -p
From: Andrey Chernov (ache_at_nagual.pp.ru)
Date: 02/27/04
- Previous message: Andrey Chernov: "Re: Environment Poisoning and login -p"
- Maybe in reply to: Tim Kientzle: "Environment Poisoning and login -p"
- Next in thread: D J Hawkey Jr: "Re: Environment Poisoning and login -p"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 Feb 2004 02:09:22 +0300 To: kientzle@acm.org
On Thu, Feb 26, 2004 at 03:03:41PM -0800, Tim Kientzle wrote:
> Instead, I've decided to follow Jacques Vidrine's
> suggestion of using a whitelist of environment variables
> that are "known-safe."
Well, I agree with that too, if it will be big enough. At least don't
forget about putting LANG and LC_* there.
-- Andrey Chernov | http://ache.pp.ru/ _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Andrey Chernov: "Re: Environment Poisoning and login -p"
- Maybe in reply to: Tim Kientzle: "Environment Poisoning and login -p"
- Next in thread: D J Hawkey Jr: "Re: Environment Poisoning and login -p"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
