phil@??? said:
> May I throw a load of mud into the settling waters of this argument
> and say "maximum paranoia"? I really dislike having setuid programs
> which start other programs and which don't flatten the environment,
> unless there's extremely good reason.
Ugh... that's a good point... I wonder if an LD_PRELOAD attack could be
used against a user-supplied non-setuid forward piped program. I know
a setuid prog won't *honour* these itself, but if its non-setuid
children do you can still subvert someone else's UID from a local
account.
> How about a "preserve_environment" which takes a list of environment
> variables, or if unset passes things through by default?
> preserve_environment = EDITOR:VISUAL:TERM:TERMINFO:DISPLAY:WINDOW
This is a pretty definitive way of dealing with it.
Nigel.
--
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]
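
An added example, not part of the original message or of any project's code: one way a setuid parent could apply the proposed colon-separated "preserve_environment" list before exec'ing a child, with an unset list passing everything through. The names filter_env and name_allowed are hypothetical, and the sample environment is constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Return 1 if the NAME part of "NAME=value" appears in the colon-separated
   allowlist as an exact, whole-name match, else 0. */
static int name_allowed(const char *entry, const char *allow)
{
    const char *eq = strchr(entry, '=');
    size_t nlen;
    if (eq == NULL || eq == entry) return 0;   /* malformed entry: drop it */
    nlen = (size_t)(eq - entry);
    while (*allow != '\0') {
        size_t alen = strcspn(allow, ":");
        /* Length check stops TERM matching TERMINFO, and so on. */
        if (alen == nlen && strncmp(allow, entry, nlen) == 0) return 1;
        allow += alen;
        if (*allow == ':') allow++;
    }
    return 0;
}

/* Hypothetical helper: build the envp to hand to execve() for a child.
   allow == NULL models the "unset" case from the proposal (pass everything
   through). Returns a malloc'd NULL-terminated array that borrows the
   strings from envp, or NULL on allocation failure. */
char **filter_env(char *const envp[], const char *allow)
{
    size_t n = 0, kept = 0, i;
    char **out;
    while (envp[n] != NULL) n++;
    out = malloc((n + 1) * sizeof *out);
    if (out == NULL) return NULL;
    for (i = 0; i < n; i++)
        if (allow == NULL || name_allowed(envp[i], allow))
            out[kept++] = envp[i];
    out[kept] = NULL;
    return out;
}

/* Constructed sample environment for the demonstration. */
static char *const sample_env[] = {
    "TERM=xterm", "LD_PRELOAD=/tmp/constructed.so", "EDITOR=vi",
    "TERMINFO_DIRS=/x", "DISPLAY=:0", NULL
};
```

The returned array is what would be passed as the third argument to execve(); anything not named in the list, LD_PRELOAD included, never reaches the child.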