Date: Fri, 9 Feb 2001 18:43:32 +0300 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Jacques Vidrine <nectar@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.bin/login login.c Message-ID: <20010209184332.A47061@nagual.pp.ru> In-Reply-To: <200102091321.f19DLoI59995@freefall.freebsd.org>; from nectar@FreeBSD.org on Fri, Feb 09, 2001 at 05:21:50AM -0800 References: <200102091321.f19DLoI59995@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Feb 09, 2001 at 05:21:50 -0800, Jacques Vidrine wrote: > nectar 2001/02/09 05:21:50 PST > > Modified files: > usr.bin/login login.c > Log: > Fix login so that it exports environmental variables that are set by PAM > modules (via pam_putenv). The following variables will never be set in > this fashion: > > SHELL, HOME, LOGNAME, MAIL, CDPATH, IFS, PATH > any variable starting with `LD_' Do you mean this is the list of _disabled_ variables? All security guides recommend just opposite strategy, keeping the list of _enabled_ variables. It prevents new and unknown evil variable appearse unnoticed in future. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010209184332.A47061>