Bugtraq mailing list archives
Re: Environment variables (SECURITY: too many new packages)
From: peak () kerberos troja mff cuni cz (Pavel Kankovsky)
Date: Wed, 1 Jul 1998 10:49:29 +0200
On Wed, 1 Jul 1998, Alan Cox wrote:
Bugtraq readers who haven't been following the Linux security audit project (from whence most of the Red Hat fixes came - and other vendors will I assume be issuing identical updates) might like to take a look at how their own OS handles pointing the following at files only root can read and running setuid apps. (or setgid usage in some cases such as Mutt) TZ TERMINFO TERMCAP
Add LANG, all LC_*, and various LD_* (esp. LD_*_OUTPUT) to the list. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "You can't be truly paranoid unless you're sure they have already got you."
Current thread:
- Re: Environment variables (SECURITY: too many new packages) Pavel Kankovsky (Jul 01)
- <Possible follow-ups>
- Re: Environment variables (SECURITY: too many new packages) Edward John Brocklesby (Jul 01)