From owner-cvs-all  Fri Feb  9  8:30: 6 2001
Delivered-To: cvs-all@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP
	id DFCF437BBDF; Fri,  9 Feb 2001 07:43:33 -0800 (PST)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.2/8.11.2) id f19FhXG47129;
	Fri, 9 Feb 2001 18:43:33 +0300 (MSK)
	(envelope-from ache)
Date: Fri, 9 Feb 2001 18:43:32 +0300
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Jacques Vidrine <nectar@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/login login.c
Message-ID: <20010209184332.A47061@nagual.pp.ru>
References: <200102091321.f19DLoI59995@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200102091321.f19DLoI59995@freefall.freebsd.org>; from nectar@FreeBSD.org on Fri, Feb 09, 2001 at 05:21:50AM -0800
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, Feb 09, 2001 at 05:21:50 -0800, Jacques Vidrine wrote:
> nectar      2001/02/09 05:21:50 PST
> 
>   Modified files:
>     usr.bin/login        login.c 
>   Log:
>   Fix login so that it exports environmental variables that are set by PAM
>   modules (via pam_putenv).  The following variables will never be set in
>   this fashion:
>   
>      SHELL, HOME, LOGNAME, MAIL, CDPATH, IFS, PATH
>      any variable starting with `LD_'

Do you mean this is the list of _disabled_ variables? All security guides
recommend just opposite strategy, keeping the list of _enabled_ variables.
It prevents new and unknown evil variable appearse unnoticed in future.

-- 
Andrey A. Chernov
http://ache.pp.ru/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message