Date: Fri, 09 Feb 2001 12:17:38 -0800
From: Kris Kennaway
Subject: Re: cvs commit: src/usr.bin/login login.c
To: Jacques Vidrine
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, security-officer@FreeBSD.org
Message-id: <20010209121738.C64219@mollari.cthul.hu>
In-reply-to: <200102091321.f19DLoI59995@freefall.freebsd.org>

On Fri, Feb 09, 2001 at 05:21:50AM -0800, Jacques Vidrine wrote:
> nectar      2001/02/09 05:21:50 PST
>
>   Modified files:
>     usr.bin/login        login.c
>   Log:
>   Fix login so that it exports environmental variables that are set by PAM
>   modules (via pam_putenv).  The following variables will never be set in
>   this fashion:
>
>       SHELL, HOME, LOGNAME, MAIL, CDPATH, IFS, PATH
>       any variable starting with `LD_'

This isn't a complete list of insecure environment variables, if
that's what it's trying to be. I would feel much happier making this a
defined list of allowed variables so we don't have obscure security
fallout from it.

Kris
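
The two policies discussed in this message, side by side, as an added example in C (not part of the original message and not FreeBSD's login.c code). The deny list is the one from the quoted commit log; the allow-list contents (KRB5CCNAME), the function names and the sample entries are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Deny list as given in the quoted commit log; the LD_ prefix is checked below. */
static const char *const denied[] = { "SHELL", "HOME", "LOGNAME", "MAIL",
                                      "CDPATH", "IFS", "PATH", NULL };
/* Allow list: its contents are an assumption made for this example. */
static const char *const allowed[] = { "KRB5CCNAME", NULL };

/* Length of NAME in a "NAME=value" entry; 0 if there is no usable name. */
static size_t name_len(const char *entry)
{
    const char *eq = strchr(entry, '=');
    return (eq == NULL) ? 0 : (size_t)(eq - entry);
}

/* Exact, case-sensitive match of the entry's name against a list. */
static int in_list(const char *const *list, const char *entry, size_t n)
{
    for (; *list != NULL; list++)
        if (strlen(*list) == n && strncmp(*list, entry, n) == 0)
            return 1;
    return 0;
}

/* Deny-list policy: exports every name the list did not anticipate. */
int export_ok_denylist(const char *entry)
{
    size_t n = name_len(entry);
    if (n == 0 || strncmp(entry, "LD_", 3) == 0)
        return 0;
    return !in_list(denied, entry, n);
}

/* Allow-list policy: exports only names that were explicitly approved. */
int export_ok_allowlist(const char *entry)
{
    return name_len(entry) != 0 && in_list(allowed, entry, name_len(entry));
}

int main(void)
{
    /* Constructed entries; LD_EXAMPLE and UNREVIEWED_VAR are placeholders. */
    const char *sample[] = { "KRB5CCNAME=FILE:/tmp/krb5cc_1001", "PATH=/tmp",
                             "LD_EXAMPLE=1", "UNREVIEWED_VAR=1", NULL };
    for (const char **e = sample; *e != NULL; e++)
        printf("%-33s deny:%d allow:%d\n", *e, export_ok_denylist(*e), export_ok_allowlist(*e));
    return 0;
}
```

A name that nobody reviewed passes the deny-list check and fails the allow-list check, so the allow list fails closed when a new variable appears.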