Subject: Re: bin/2905: setting environment vars from login
To: None <>
From: matthew green <>
List: netbsd-bugs
Date: 10/31/1996 01:55:34
   This makes me nervous. System V suffers from many security holes made
   possible by this facility. I'm not personally sure that I would want
   to see it done unless it was very carefully studied.

i feel the same way.  however, i can not see any possible security
problems with this design:  they are only added to the environment
after fork()/setuid()/etc ... if setting an env. variable in a
user-land program is a security risk, we have more problems than
you can think about  :)

as long as the implemtation is not breakable, the design appears to
be OK.  as i said -- it makes me nervous too -- but as long as the
implementation is sanity checked i have no problem with it.  it would
be nice to be able to login somewhere, and say "mrg TERM=vt100" and
have it DTRT.  perhaps it should be disable-able... to allow
restricted-type accesses to remain safe ?

it's not quite a simple problem ...

   > + 	for (p = logenv; p != NULL; ) {
   > + 		while ((val = strsep(&p," \t")) != NULL && *val == '\0');
   > + 		if (strncasecmp(val,"PATH=",5) != 0)
   > + 			putenv(val);
   > + 	}
   >   	(void)setenv("HOME", pwd->pw_dir, 1);
   >   	(void)setenv("SHELL", pwd->pw_shell, 1);

is setting it above the HOME/SHELL/TERM/etc settings the right thing
to do ?  hopefully, the user knows what they are doing here .. why get
in their way ?