Subject: Re: bin/2905: setting environment vars from login
To: Greg A. Woods <>
From: Christian Kuhtz <>
List: current-users
Date: 11/12/1996 21:19:31
On Tue, 12 Nov 96 23:13:35 -0500 (EST), (Greg A. Woods)  
> > 1.) Show me a situation where this is an absolutely neccessary feature,
> > which cannot be implemented with current tools.
> I never claimed it was an absolutely necessary feature.
> I do claim it cannot be implemented by any current tools without
> modification of said tools.

Why do we need it then? 8-]

The proposed snippet of code relies on strings routines (among others) to  
be bulletproof.  Is that a safe assumption?

I could imagine denial of service attacks (and possibly more) by supplying  
"near infinite" long login name + args strings. There needs to be a  
barrier for how long the list of args can be... I don't recall that there  
were any provisions for that in the code snippet.  Also, what do these  
routines barf on that could be supplied as an arg?

Christian Kuhtz <>, office:
Network/UNIX Specialist for Paranet, Inc.
Supercomputing Junkie, et al               MIME/NeXTmail accepted