Subject: Re: bin/2905: setting environment vars from login
To: Peter Seebach <email@example.com>
From: Marc Slemko <firstname.lastname@example.org>
Date: 10/30/1996 19:09:37
This could be done reasonably securely without compromising security too
much on most systems. telnetd does it securely; copy the code and there
should be few suprises.
Now, that doesn't mean it is a good thing to do, but I don't see why it
can't be done with minimal security risk if it were so desired.
On Wed, 30 Oct 1996, Peter Seebach wrote:
> That's a good example...
> But you know, we have a similar problem already....
> LD_LIBRARY_PATH=... login -p sync
> (if you have sync as a login...)
> In general, I think this has the potential to be a security bug worth
> looking at...