Environment Poisoning and login -p

Andrey Chernov ache at nagual.pp.ru
Fri Feb 27 03:27:12 PST 2004


On Fri, Feb 27, 2004 at 05:13:53AM -0600, D J Hawkey Jr wrote:
> > Instead, I've decided to follow Jacques Vidrine's
> > suggestion of using a whitelist of environment variables
> > that are "known-safe."
> 
> Coming in from left field... Will there be some sort of mechanism for
> an admin to set/modify this list?

I agree we'll need it (because of different assumptions). Something like 
/etc/safe_environment file.

-- 
Andrey Chernov | http://ache.pp.ru/


More information about the freebsd-security mailing list