Environment Poisoning and login -p

Andrey Chernov ache at nagual.pp.ru
Thu Feb 26 15:09:31 PST 2004


On Thu, Feb 26, 2004 at 03:03:41PM -0800, Tim Kientzle wrote:
> Instead, I've decided to follow Jacques Vidrine's
> suggestion of using a whitelist of environment variables
> that are "known-safe."

Well, I agree with that too, if it is big enough. At least don't
forget about putting LANG and LC_* there.

-- 
Andrey Chernov | http://ache.pp.ru/
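
An added example, not part of this message and not code from FreeBSD's login(1): filtering an inherited environment down to a whitelist that matches exact names plus the LC_* family mentioned above. The list contents other than LANG and LC_* (TERM, TZ) and the function names `env_entry_allowed` and `env_filter` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed whitelist for illustration only; not FreeBSD's actual list. */
static const char *const exact_ok[] = { "TERM", "TZ", "LANG", NULL };
static const char *const prefix_ok[] = { "LC_", NULL };

/* Return 1 if a "NAME=value" entry has a whitelisted NAME, else 0. */
int env_entry_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t nlen, i;
    if (eq == NULL || eq == entry)
        return 0;                       /* no '=' or empty name */
    nlen = (size_t)(eq - entry);
    for (i = 0; exact_ok[i] != NULL; i++)   /* whole name: LANGUAGE is not LANG */
        if (strlen(exact_ok[i]) == nlen && memcmp(entry, exact_ok[i], nlen) == 0)
            return 1;
    for (i = 0; prefix_ok[i] != NULL; i++) {
        size_t plen = strlen(prefix_ok[i]);
        if (nlen > plen && memcmp(entry, prefix_ok[i], plen) == 0)
            return 1;                   /* prefix plus at least one more char */
    }
    return 0;
}

/* Compact envp in place so only whitelisted entries remain; return the count. */
size_t env_filter(char *envp[])
{
    size_t k = 0, i;
    for (i = 0; envp[i] != NULL; i++)
        if (env_entry_allowed(envp[i]))
            envp[k++] = envp[i];
    envp[k] = NULL;
    return k;
}

int main(void)
{
    /* Constructed sample environment, not taken from the thread. */
    char *sample[] = { "TERM=xterm", "LD_PRELOAD=/tmp/x.so", "LANG=ru_RU.KOI8-R",
                       "LC_CTYPE=C", "LANGUAGE=en", NULL };
    size_t i, kept = env_filter(sample);
    for (i = 0; i < kept; i++)
        puts(sample[i]);
    return 0;
}
```

Anything not named in the list, including variables a dynamic linker would act on, is dropped by default rather than having to be enumerated.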

