Subject: Re: Buffer overrun patches
To: Michael Graff <firstname.lastname@example.org>
From: Jason Thorpe <thorpej@NetBSD.ORG>
Date: 09/07/1996 14:18:48
On 07 Sep 1996 17:05:33 -0400
Michael Graff <email@example.com> wrote:
> > - telnetd: block the ENV variable from being transferred, as in some
> > circumstances this may lead to unexpected execution of commands.
> > (ENV points bash and other shells at command text to execute.)
> I have applied this but not committed it. Any objections?
No objection from me. We already block some potentially dangerous
environment variables from passing...
Jason R. Thorpe
NetBSD Core Group