Date: Sat, 10 Feb 2001 08:14:03 -0600 From: "Jacques A. Vidrine" <n@nectar.com> To: Kris Kennaway <kris@obsecurity.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, security-officer@FreeBSD.org Subject: Re: cvs commit: src/usr.bin/login login.c Message-ID: <20010210081402.A67687@hamlet.nectar.com> In-Reply-To: <20010209121738.C64219@mollari.cthul.hu>; from kris@obsecurity.org on Fri, Feb 09, 2001 at 12:17:38PM -0800 References: <200102091321.f19DLoI59995@freefall.freebsd.org> <20010209121738.C64219@mollari.cthul.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Feb 09, 2001 at 12:17:38PM -0800, Kris Kennaway wrote: > This isn't a complete list of insecure environment variables, if > that's what it's trying to be. I would feel much happier making this a > defined list of allowed variables so we don't have obscure security > fallout from it. If you haven't already, please read my reply to ache on this issue on this list (the Message-ID was <20010209151645.A20482@spawn.nectar.com>). In short, it is not meant to be a `list of insecure environment variables', complete or otherwise. Cheers, -- Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010210081402.A67687>