Subject: Re: bin/2905: setting environment vars from login
To: Matthias Scheler <tron@lyssa.owl.de>
From: Curt Sampson <cjs@portal.ca>
List: current-users
Date: 10/30/1996 07:20:56

I have to agree with this. It's not uncommon to have someone's
shell set to a program or simple shell script, so that they can't
do anything else (assuming the program itself is secure), and this
is an excellent way to get around that. Even for regular users,
it's also a good way to subvert /etc/profile or whatever.

cjs

Curt Sampson    cjs@portal.ca		Info at http://www.portal.ca/
Internet Portal Services, Inc.	
Vancouver, BC   (604) 257-9400		De gustibus, aut bene aut nihil.

On 30 Oct 1996, Matthias Scheler wrote:

> Date: 30 Oct 1996 09:28:19 +0100
> From: Matthias Scheler <tron@lyssa.owl.de>
> To: current-users@NetBSD.ORG
> Subject: Re: bin/2905: setting environment vars from login
> Newsgroups: netbsd.current-users
> 
> In article <m0vIKPc-0007N2C@woffi.planix.com>,
> 	andreas@planix.com writes:
> >>Synopsis:       setting environment variables from the login: prompt
> ...
> > This change to login allows a user to set environment variables from the 
> > login: prompt, via: 'login: username VAR1=value1 VAR2=value2'
> 
> Yes, and sooner or later we'll have a security hole because a critical
> environment variable (e.g. "LD_LIBRARY_PATH") was set or overwritten.
> 
> I vote against applying this patch. If someone really wants to have it
> he can create a modified "login", put it in "/usr/local" and use the
> "lo" field in "gettytab".
> 
> -- 
> Matthias Scheler
> tron@lyssa.owl.de
>
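
An added example, not part of the original thread and not NetBSD's login code: one way to bound the risk raised above is to accept `VAR=value` arguments from the `login:` prompt only when the name is on an allowlist, so that `LD_LIBRARY_PATH` and similar variables are dropped. The function names and the allowlist contents (`TERM`, `LANG`) are assumptions made for illustration.

```c
#include <string.h>

/* Hypothetical site policy (an assumption): names a login prompt may set. */
static const char *const allowed[] = { "TERM", "LANG", NULL };

/* Return 1 if arg is "NAME=value" with an allowlisted NAME, else 0. */
static int env_arg_allowed(const char *arg)
{
    const char *eq = strchr(arg, '=');
    size_t n, i;

    if (eq == NULL || eq == arg)
        return 0;                        /* not NAME=value */
    n = (size_t)(eq - arg);
    for (i = 0; allowed[i] != NULL; i++)
        if (strlen(allowed[i]) == n && strncmp(arg, allowed[i], n) == 0)
            return 1;
    return 0;                            /* LD_LIBRARY_PATH, ENV, PATH, ... */
}

/*
 * Split "username VAR1=value1 VAR2=value2" in place. Accepted assignments
 * are stored in out[] (at most max); everything else is counted in
 * *rejected. Returns the number of assignments kept.
 */
int filter_login_env(char *line, char **user, char **out, int max, int *rejected)
{
    char *p = line, *tok;
    int n = 0;

    *user = NULL;
    *rejected = 0;
    for (;;) {
        p += strspn(p, " \t\n");         /* skip separators */
        if (*p == '\0')
            break;
        tok = p;
        p += strcspn(p, " \t\n");        /* find end of token */
        if (*p != '\0')
            *p++ = '\0';
        if (*user == NULL)
            *user = tok;                 /* first token is the login name */
        else if (n < max && env_arg_allowed(tok))
            out[n++] = tok;
        else
            (*rejected)++;               /* not allowlisted, or out[] full */
    }
    return n;
}
```

The rejected count lets a caller log the attempt instead of silently ignoring it.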