matthew green writes:
>    This makes me nervous. System V suffers from many security holes made
>    possible by this facility. I'm not personally sure that I would want
>    to see it done unless it was very carefully studied.
> 
> i feel the same way.  however, i can not see any possible security
> problems with this design:  they are only added to the environment
> after fork()/setuid()/etc ... if setting an env. variable in a
> user-land program is a security risk, we have more problems than
> you can think about  :)

This is wrong. There are existing and demonstrable problems on many
System V systems caused by such facililties. Users with non-standard
shells designed as cages can often break out of them as a result of
such things. Its really bad news, and doesn't provide much new
functionality. I am not happy with the idea.

Perry