From owner-cvs-all Sat Feb 10 6:22: 2 2001 Delivered-To: cvs-all@freebsd.org Received: from mta5.snfc21.pbi.net (mta5.snfc21.pbi.net [206.13.28.241]) by hub.freebsd.org (Postfix) with ESMTP id 502D737B401; Sat, 10 Feb 2001 06:21:35 -0800 (PST) Received: from xor.obsecurity.org ([63.207.60.67]) by mta5.snfc21.pbi.net (Sun Internet Mail Server sims.3.5.2000.01.05.12.18.p9) with ESMTP id <0G8J00A1OOY1U5@mta5.snfc21.pbi.net>; Sat, 10 Feb 2001 06:15:40 -0800 (PST) Received: by xor.obsecurity.org (Postfix, from userid 1000) id CDCDC67262; Sat, 10 Feb 2001 06:18:19 -0800 (PST) Date: Sat, 10 Feb 2001 06:18:19 -0800 From: Kris Kennaway Subject: Re: cvs commit: src/usr.bin/login login.c In-reply-to: <20010210081402.A67687@hamlet.nectar.com>; from n@nectar.com on Sat, Feb 10, 2001 at 08:14:03AM -0600 To: "Jacques A. Vidrine" , Kris Kennaway , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, security-officer@FreeBSD.org Message-id: <20010210061819.A57280@mollari.cthul.hu> MIME-version: 1.0 Content-type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="envbJBWh7q8WU6mo" Content-disposition: inline User-Agent: Mutt/1.2.5i References: <200102091321.f19DLoI59995@freefall.freebsd.org> <20010209121738.C64219@mollari.cthul.hu> <20010210081402.A67687@hamlet.nectar.com> Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --envbJBWh7q8WU6mo Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Feb 10, 2001 at 08:14:03AM -0600, Jacques A. Vidrine wrote: > On Fri, Feb 09, 2001 at 12:17:38PM -0800, Kris Kennaway wrote: > > This isn't a complete list of insecure environment variables, if > > that's what it's trying to be. I would feel much happier making this a > > defined list of allowed variables so we don't have obscure security > > fallout from it. >=20 > If you haven't already, please read my reply to ache on this issue on > this list (the Message-ID was <20010209151645.A20482@spawn.nectar.com>). > In short, it is not meant to be a `list of insecure environment > variables', complete or otherwise. I actually sent the mail out before ache did..for some reason, pacbell.net is randomly delaying my outgoing emails (e.g. some mails to freebsd.org have been undelivered for 2 days). *sigh* Kris --envbJBWh7q8WU6mo Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD4DBQE6hU2rWry0BWjoQKURAu4tAJj2SVBrqhmRcMu6fz7rls9FbSjxAJ9lKB7U zOK62EgtlTm0QzGWWBI9MQ== =khUc -----END PGP SIGNATURE----- --envbJBWh7q8WU6mo-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message