From owner-cvs-all Sat Feb 10 6:14:26 2001
Date: Sat, 10 Feb 2001 08:14:03 -0600
From: "Jacques A. Vidrine"
To: Kris Kennaway
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, security-officer@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/login login.c
Message-ID: <20010210081402.A67687@hamlet.nectar.com>
References: <200102091321.f19DLoI59995@freefall.freebsd.org> <20010209121738.C64219@mollari.cthul.hu>
In-Reply-To: <20010209121738.C64219@mollari.cthul.hu>; from kris@obsecurity.org on Fri, Feb 09, 2001 at 12:17:38PM -0800

On Fri, Feb 09, 2001 at 12:17:38PM -0800, Kris Kennaway wrote:
> This isn't a complete list of insecure environment variables, if
> that's what it's trying to be. I would feel much happier making this a
> defined list of allowed variables so we don't have obscure security
> fallout from it.

If you haven't already, please read my reply to ache on this issue on
this list (the Message-ID was <20010209151645.A20482@spawn.nectar.com>).

In short, it is not meant to be a `list of insecure environment
variables', complete or otherwise.

Cheers,
-- 
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org