Subject: Re: bin/2905: setting environment vars from login
To: Greg A. Woods <firstname.lastname@example.org>
From: Christian Kuhtz <email@example.com>
Date: 11/12/1996 21:19:31
On Tue, 12 Nov 96 23:13:35 -0500 (EST), firstname.lastname@example.org (Greg A. Woods)
> > 1.) Show me a situation where this is an absolutely neccessary feature,
> > which cannot be implemented with current tools.
> I never claimed it was an absolutely necessary feature.
> I do claim it cannot be implemented by any current tools without
> modification of said tools.
Why do we need it then? 8-]
The proposed snippet of code relies on strings routines (among others) to
be bulletproof. Is that a safe assumption?
I could imagine denial of service attacks (and possibly more) by supplying
"near infinite" long login name + args strings. There needs to be a
barrier for how long the list of args can be... I don't recall that there
were any provisions for that in the code snippet. Also, what do these
routines barf on that could be supplied as an arg?
Christian Kuhtz <email@example.com>, office: firstname.lastname@example.org
Network/UNIX Specialist for Paranet, Inc. http://www.paranet.com/
Supercomputing Junkie, et al MIME/NeXTmail accepted
---- BOYCOTT INTERNET SPAM! See URL http://www.vix.com/spam/ ----