Subject: Re: bin/2905: setting environment vars from login
To: Greg A. Woods <firstname.lastname@example.org>
From: Christian Kuhtz <email@example.com>
Date: 11/05/1996 11:47:00
On Sun, 3 Nov 96 19:41:12 -0500 (EST), firstname.lastname@example.org (Greg A. Woods)
> Saying that such and such feature is allows someone to trip over an
> as-yet un-introduced potential security weakness isn't saying much at
> all. I think it would be much more productive to develop a validated
> security profile such that a feature like this can be added without fear
> of the unknown.
1. It would help if you could be less ambiguous.
2. Part of a working and effective security policy is security planning, and
that includes observing changes very closely and with scrutiny. RTFM.
> After all, if you think about the risk/benefit ratio, I think it should
> be obvious that there are far more risky things in the system that need
> more direct attention than a feature such as this which in a properly
> controlled environment should add nothing but benefit.
IMHO, that argumentation is extremely weak. Just because you know that
there's a bigger hole somewhere means that you don't care about the little
> This is in fact a feature I would find mandatory if I were to build a
> system that provded general purpose shell access, esp. in a commercial
> unix environment.
In a commercial environment you should be able to find a better solution
than this kludge. And it is nothing more than that at this point: a
So far, no one has been able to demonstrate the absolute neccessity for
this additional feature/junk in /bin/login.
Christian Kuhtz <email@example.com>, office: firstname.lastname@example.org
Network/UNIX Specialist for Paranet, Inc. http://www.paranet.com/
Supercomputing Junkie, et al MIME/NeXTmail accepted
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----