current-users: Re: bin/2905: setting environment vars from login

Subject: Re: bin/2905: setting environment vars from login
To: None <current-users@NetBSD.ORG>
From: Matthias Scheler <tron@lyssa.owl.de>
List: current-users
Date: 10/30/1996 09:28:19

In article <m0vIKPc-0007N2C@woffi.planix.com>,
	andreas@planix.com writes:
>>Synopsis:       setting environment variables from the login: prompt
...
> This change to login allows a user to set environment variables from the 
> login: prompt, via: 'login: username VAR1=value1 VAR2=value2'

Yes, and sooner or later we'll have a security hole because a critical
environment variable (e.g. "LD_LIBRARY_PATH") was set or overwritten.

I vote against applying this patch. If someone really wants to have it
he can create a modified "login", put in "/usr/local" and use the
"lo" field in "gettytab".

-- 
Matthias Scheler
tron@lyssa.owl.de