Subject: Re: bin/2905: setting environment vars from login
To: firstname.lastname@example.org (Greg A. Woods), Curt Sampson <email@example.com>
From: John Nemeth <firstname.lastname@example.org>
Date: 11/06/1996 03:30:20
On Nov 5, 12:56am, Greg A. Woods wrote:
} Of course if we stole one more feature from SCO (which is also in
} SysVr4), we could even allow control of this feature at run-time!
} (i.e. /etc/default/*)
This is gross. This is one of the things I hate in SV. It goes
along with spreading configuration information all over the drive.
} Fear mongering about increased security risks where there are none is
} not productive. If you know of any such documented risks, then by all
See the whole kerfluffle over telnetd and environment variables.
Letting people set arbitrary environment variables at the login prompt
would be a repeat. If you follow the various security mailing lists
you would know that this is a very bad idea. I vote NO.
}-- End of excerpt from Greg A. Woods