Environment Poisoning and login -p
Jacques A. Vidrine
nectar at FreeBSD.org
Thu Feb 26 07:30:05 PST 2004
On Wed, Feb 25, 2004 at 10:54:31AM -0800, Tim Kientzle wrote:
[...]
> Possible fix: Have login unconditionally discard LD_LIBRARY_PATH
> and LD_PRELOAD from the environment, even if "-p" is specified.
[...]
> Possible fix: Eliminate the "-p" option to login.
I would prefer to redefine `-p' to mean, ``don't discard environmental
variables believed to be safe to propogate''. We can start with this
list:
http://www.opengroup.org/onlinepubs/007904975/basedefs/xbd_chap08.html
plus
EDITOR
KRB5CCNAME
LOGIN
MAILDIR
SSH_AGENT_PID
SSH_AUTH_SOCK
TERMCAP
If that is too draconian for you, then I guess just drop /LD_.*/.
Put the `environment cleaner' in libutil.
Cheers,
--
Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org
More information about the freebsd-security
mailing list