[Bug 235792] cron(8) does not respect login.conf environment vars
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sun Feb 17 22:56:58 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235792
--- Comment #2 from andrew at tao11.riddles.org.uk ---
(In reply to Bob Bishop from comment #1)
There's more to security than blowing away the environment everywhere; it's
also important to allow necessary settings to be made in a centralized and
trusted place.
Back in the day (I've been using Unix in one form or another for 30+ years and
admining it for 25+, I'm not new at this) when environment variables were
things you set in commands in your .profile, it was reasonable for cron to
ignore that and start from scratch. But the existence of login.conf changes
that logic.
My argument is that the POLA violation goes the other way: that any time that
values in login.conf are *not* respected is surprising.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list