Subject: Re: bin/2905: setting environment vars from login
To: Christian Kuhtz <kuhtz@ix.netcom.com>
From: Greg A. Woods <woods@kuma.web.net>
List: current-users
Date: 11/12/1996 23:13:35
[ On Wed, November 6, 1996 at 13:10:12 (-0700), Christian Kuhtz wrote: ]
> Subject: Re: bin/2905: setting environment vars from login
>
> Are you willing to bet your life on the fact that there will not be an
> exploitation of this feature?
Show me a system where my life depends on exploits not occuring, and
I'll be the first to apply the wire cutters to it's external connections.
> Regardless of how many times I and others have asked you for it, you will
> not answer certain questions which have been asked. You rather flame me in
> private; trust me, I can take it publically.
>
> 1.) Show me a situation where this is an absolutely neccessary feature,
> which cannot be implemented with current tools.
I never claimed it was an absolutely necessary feature.
I do claim it cannot be implemented by any current tools without
modification of said tools.
> 2.) Why does this feature have to be available by default?
As I've said a zillion times: Because it's generally useful, and rarely,
if ever (show me!), harmful to a generic system (i.e. one that runs
completely stock out-of-the box binaries in a general purpose computing
environment).
> 3.) Why do you want to avoid forcing RTFM to enable this feature and
> subsequently cause awareness?
I don't mind an RTMF, so long as the enabling can be done at run-time
from the stock binaries.
(I've also said this a zillion times.)
> An example for another dangerous environment variable is IFS. I don't
> know for how long ppl have been preaching that it should be reset
> immediately within a script. However, human nature prevents this preaching
> from being successful and you won't accept that this world isn't perfect
> but rather accuse others of living in a dreamworld.
Obviously, which is why /bin/login should not allow it to be overridden.
... but then we *knew* that already, no?
--
Greg A. Woods
+1 416 443-1734 VE3TCP robohack!woods
Planix, Inc. <woods@planix.com>; Secrets Of The Weird <woods@weird.com>