Subject: Re: bin/2905: setting environment vars from login
To: Greg A. Woods <woods@web.net>
From: Christian Kuhtz <kuhtz@ix.netcom.com>
List: current-users
Date: 11/12/1996 21:19:31
On Tue, 12 Nov 96 23:13:35 -0500 (EST), woods@kuma.web.net (Greg A. Woods)
mumbled:
> > 1.) Show me a situation where this is an absolutely necessary feature,
> > which cannot be implemented with current tools.
>
> I never claimed it was an absolutely necessary feature.
>
> I do claim it cannot be implemented by any current tools without
> modification of said tools.

Why do we need it then? 8-]

The proposed snippet of code relies on strings routines (among others) to
be bulletproof. Is that a safe assumption?

I could imagine denial of service attacks (and possibly more) by supplying
"near infinite" long login name + args strings. There needs to be a
barrier for how long the list of args can be... I don't recall that there
were any provisions for that in the code snippet. Also, what do these
routines barf on that could be supplied as an arg?

Regards,
--
Christian Kuhtz <kuhtz@ix.netcom.com>, office: ckuhtz@paranet.com
Network/UNIX Specialist for Paranet, Inc. http://www.paranet.com/
Supercomputing Junkie, et al MIME/NeXTmail accepted
---- BOYCOTT INTERNET SPAM! See URL http://www.vix.com/spam/ ----
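
The length barrier asked for in the message above, as an added example that is not part of the original message or of the code proposed in bin/2905. It assumes the login prompt line has the form `name VAR=value ...`; the function name `parse_login_line` and the limits `MAX_LINE` and `MAX_ARGS` are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Assumed limits for illustration; the message names no specific values. */
#define MAX_LINE 256  /* login name plus all args, in bytes */
#define MAX_ARGS 8    /* VAR=value words accepted after the name */

/*
 * Hypothetical helper (not from the proposed patch): validate and split a
 * login-prompt line of the assumed form "name [VAR=value ...]".
 * in/in_len: bytes as read from the terminal, not necessarily NUL-terminated.
 * buf: caller's scratch copy; name and argv[] point into it on success.
 * Returns the number of args, or -1 if the line is rejected.
 */
int parse_login_line(const char *in, size_t in_len, char buf[MAX_LINE + 1],
                     char **name, char *argv[MAX_ARGS])
{
    int argc = 0;
    char *p, *tok, *eq;

    /* The barrier: check the length before any string routine sees the data. */
    if (in_len == 0 || in_len > MAX_LINE)
        return -1;
    /* An embedded NUL would make later routines see a shorter string. */
    if (memchr(in, '\0', in_len) != NULL)
        return -1;
    memcpy(buf, in, in_len);
    buf[in_len] = '\0';

    p = buf + strspn(buf, " \t");
    if (*p == '\0')
        return -1;                      /* no login name at all */
    *name = p;
    p += strcspn(p, " \t");

    while (*p != '\0') {
        *p++ = '\0';                    /* terminate the previous word */
        p += strspn(p, " \t");
        if (*p == '\0')
            break;                      /* only trailing blanks remained */
        if (argc == MAX_ARGS)
            return -1;                  /* cap on the number of args */
        tok = p;
        p += strcspn(p, " \t");
        /* Require VAR=value with a non-empty VAR inside this word. */
        eq = memchr(tok, '=', (size_t)(p - tok));
        if (eq == NULL || eq == tok)
            return -1;
        argv[argc++] = tok;
    }
    return argc;
}
```

Both caps are enforced before anything is stored, so an oversized line is rejected in time proportional to the cap rather than to the input.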