Re: Environment Poisoning and login -p

From: Andrey Chernov (ache_at_nagual.pp.ru)
Date: 02/27/04

  • Next message: D J Hawkey Jr: "Re: Environment Poisoning and login -p"
    Date: Fri, 27 Feb 2004 14:27:00 +0300
    To: D J Hawkey Jr <hawkeyd@visi.com>
    
    

    On Fri, Feb 27, 2004 at 05:13:53AM -0600, D J Hawkey Jr wrote:
    > > Instead, I've decided to follow Jacques Vidrine's
    > > suggestion of using a whitelist of environment variables
    > > that are "known-safe."
    >
    > Coming in from left field... Will there be some sort of mechanism for
    > an admin to set/modify this list?

    I agree we'll need it (because of different assumptions). Something like
    /etc/safe_environment file.

    -- 
    Andrey Chernov | http://ache.pp.ru/
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    

  • Next message: D J Hawkey Jr: "Re: Environment Poisoning and login -p"