[ On Wed, October 30, 1996 at 07:20:56 (-0800), Curt Sampson wrote: ]
> Subject: Re: bin/2905: setting environment vars from login
>
> I have to agree with this. It's not uncommon to have someone's
> shell set to a program or simple shell script, so that they can't
> do anything else (assuming the program itself is secure), and this
> is an excellent way to get around that. Even for regular users,
> it's also a good way to subvert /etc/profile or whatever.

RTFM -- at least the SysVr4 (eg SunOS-5) ones....

Some variables cannot (and for the reasons you cite should not) be
overridden.

-- 
							Greg A. Woods

+1 416 443-1734			VE3TCP			robohack!woods
Planix, Inc. <woods@planix.com>; Secrets Of The Weird <woods@weird.com>