Subject: Re: bin/2905: setting environment vars from login
To: None <tron@lyssa.owl.de>
From: Gordon W. Ross <gwr@mc.com>
List: current-users
Date: 10/30/1996 09:59:52
> From: tron@lyssa.owl.de (Matthias Scheler)
> Date: 30 Oct 1996 09:28:19 +0100
> 
> In article <m0vIKPc-0007N2C@woffi.planix.com>,
> 	andreas@planix.com writes:
> >>Synopsis:       setting environment variables from the login: prompt
> ...
> > This change to login allows a user to set environment variables from the 
> > login: prompt, via: 'login: username VAR1=value1 VAR2=value2'
> 
> Yes, and sooner or later we'll have a security hole because a critical
> environment variable (e.g. "LD_LIBRARY_PATH") was set or overwritten.

Can the user not set this variable (and any other) anyway?
I don't see the difference between the proposed feature and,
say, a .login file that sets some environment variables.

What is the difference?
Gordon