Environment Poisoning and login -p

Jacques A. Vidrine nectar at FreeBSD.org
Fri Feb 27 04:27:20 PST 2004


On Fri, Feb 27, 2004 at 02:27:00PM +0300, Andrey Chernov wrote:
> On Fri, Feb 27, 2004 at 05:13:53AM -0600, D J Hawkey Jr wrote:
> > > Instead, I've decided to follow Jacques Vidrine's
> > > suggestion of using a whitelist of environment variables
> > > that are "known-safe."
> >
> > Coming in from left field... Will there be some sort of mechanism for
> > an admin to set/modify this list?
>
> I agree we'll need it (because of different assumptions). Something like
> /etc/safe_environment file.

Whoa, let's not complicate things unnecessarily.

Cheers,
-- 
Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org


More information about the freebsd-security mailing list