Subject: Re: bin/2905: setting environment vars from login
To: Greg A. Woods <>
From: Curt Sampson <>
List: current-users
Date: 11/06/1996 12:03:19
On Wed, 6 Nov 1996, Greg A. Woods wrote:

> The proposed feature will not allow an arbitrary user to execute
> arbitrary programs or read or write arbitrary files.

You can say that without knowing which program is being run as the
login `shell'? How clever of you!

At any rate, I don't think we have to go any further on this. I
think it's pretty evident at this point that you're the only one
that wants this feature, so we don't have to worry about multiple
people rewriting it multiple times. And given that nobody's done
the security analysis on even just the programs you claim need to
be analysed, this patch couldn't go in anyway.

I think the only other thing that needs to be commented on is this:

> We can only protect people from screwing up with the
> software we provide in the system.  If someone adds some new program
> without taking into account such a feature, then they get all they
> deserve.

This is all fine and dandy if the system as it stands is not likely
to have programs added to it. However, NetBSD is not like that in
my experience. Perhaps your system hasn't any programs on it that
aren't under /usr/src. It would be the only one that I know of.

Some knives shouldn't be sharp, unless sharpened by the owner.
It's not a big deal for an expert system administrator to compile
up a new /bin/login. A break-in due to a hole as easily opened by
a novice as this could be catastrophic for that person.


Curt Sampson           Info at
Internet Portal Services, Inc.
Vancouver, BC   (604) 257-9400          De gustibus, aut bene aut nihil.