Environment Poisoning and login -p
Andrey Chernov
ache at nagual.pp.ru
Fri Feb 27 03:27:12 PST 2004
On Fri, Feb 27, 2004 at 05:13:53AM -0600, D J Hawkey Jr wrote:
> > Instead, I've decided to follow Jacques Vidrine's
> > suggestion of using a whitelist of environment variables
> > that are "known-safe."
>
> Coming in from left field... Will there be some sort of mechanism for
> an admin to set/modify this list?
I agree we'll need it (because of different assumptions). Something like
/etc/safe_environment file.
--
Andrey Chernov | http://ache.pp.ru/
More information about the freebsd-security
mailing list