Environment Poisoning and login -p
Jacques A. Vidrine
nectar at FreeBSD.org
Fri Feb 27 04:27:20 PST 2004
On Fri, Feb 27, 2004 at 02:27:00PM +0300, Andrey Chernov wrote:
> On Fri, Feb 27, 2004 at 05:13:53AM -0600, D J Hawkey Jr wrote:
> > > Instead, I've decided to follow Jacques Vidrine's
> > > suggestion of using a whitelist of environment variables
> > > that are "known-safe."
> > Coming in from left field... Will there be some sort of mechanism for
> > an admin to set/modify this list?
> I agree we'll need it (because of different assumptions). Something like
> /etc/safe_environment file.
Whoa, Let's not complicate things unnecessarily.
Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org
More information about the freebsd-security