Subject: Re: Buffer overrun patches
To: Michael Graff <>
From: Jason Thorpe <thorpej@NetBSD.ORG>
List: tech-userlevel
Date: 09/07/1996 14:18:48
On 07 Sep 1996 17:05:33 -0400 
 Michael Graff <> wrote:

 > >  - telnetd: block the ENV variable from being transferred, as in some
 > >      circumstances this may lead to unexpected execution of commands.
 > >      (ENV points bash and other shells at command text to execute.)
 > I have applied this but not committed it.  Any objections?

No objection from me.  We already block some potentially dangerous 
environment variables from passing...

Jason R. Thorpe
NetBSD Core Group