Re: Environment Poisoning and login -p
From: Andrey Chernov (ache_at_nagual.pp.ru)
Date: 02/27/04
- Previous message: Peter Pentchev: "Re: Environment Poisoning and login -p"
- In reply to: D J Hawkey Jr: "Re: Environment Poisoning and login -p"
- Next in thread: Jacques A. Vidrine: "Re: Environment Poisoning and login -p"
- Reply: Jacques A. Vidrine: "Re: Environment Poisoning and login -p"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 Feb 2004 14:27:00 +0300 To: D J Hawkey Jr <hawkeyd@visi.com>
On Fri, Feb 27, 2004 at 05:13:53AM -0600, D J Hawkey Jr wrote:
> > Instead, I've decided to follow Jacques Vidrine's
> > suggestion of using a whitelist of environment variables
> > that are "known-safe."
>
> Coming in from left field... Will there be some sort of mechanism for
> an admin to set/modify this list?
I agree we'll need it (because of different assumptions). Something like
/etc/safe_environment file.
-- Andrey Chernov | http://ache.pp.ru/ _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Peter Pentchev: "Re: Environment Poisoning and login -p"
- In reply to: D J Hawkey Jr: "Re: Environment Poisoning and login -p"
- Next in thread: Jacques A. Vidrine: "Re: Environment Poisoning and login -p"
- Reply: Jacques A. Vidrine: "Re: Environment Poisoning and login -p"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
