Date: Sat, 10 Feb 2001 06:18:19 -0800 From: Kris Kennaway <kris@obsecurity.org> To: "Jacques A. Vidrine" <n@nectar.com>, Kris Kennaway <kris@obsecurity.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, security-officer@FreeBSD.org Subject: Re: cvs commit: src/usr.bin/login login.c Message-ID: <20010210061819.A57280@mollari.cthul.hu> In-Reply-To: <20010210081402.A67687@hamlet.nectar.com>; from n@nectar.com on Sat, Feb 10, 2001 at 08:14:03AM -0600 References: <200102091321.f19DLoI59995@freefall.freebsd.org> <20010209121738.C64219@mollari.cthul.hu> <20010210081402.A67687@hamlet.nectar.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--envbJBWh7q8WU6mo Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Feb 10, 2001 at 08:14:03AM -0600, Jacques A. Vidrine wrote: > On Fri, Feb 09, 2001 at 12:17:38PM -0800, Kris Kennaway wrote: > > This isn't a complete list of insecure environment variables, if > > that's what it's trying to be. I would feel much happier making this a > > defined list of allowed variables so we don't have obscure security > > fallout from it. >=20 > If you haven't already, please read my reply to ache on this issue on > this list (the Message-ID was <20010209151645.A20482@spawn.nectar.com>). > In short, it is not meant to be a `list of insecure environment > variables', complete or otherwise. I actually sent the mail out before ache did..for some reason, pacbell.net is randomly delaying my outgoing emails (e.g. some mails to freebsd.org have been undelivered for 2 days). *sigh* Kris --envbJBWh7q8WU6mo Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD4DBQE6hU2rWry0BWjoQKURAu4tAJj2SVBrqhmRcMu6fz7rls9FbSjxAJ9lKB7U zOK62EgtlTm0QzGWWBI9MQ== =khUc -----END PGP SIGNATURE----- --envbJBWh7q8WU6mo-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010210061819.A57280>