[1206] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] libc 5.4.7

daemon@ATHENA.MIT.EDU (David Holland)
Sat Oct 12 07:41:15 1996

From: David Holland <dholland@eecs.harvard.edu>
To: alan@cymru.net (Alan Cox)
Date: Thu, 10 Oct 1996 12:34:02 -0400 (EDT)
Cc: dholland@eecs.harvard.edu, alan@lxorguk.ukuu.org.uk, alan@cymru.net,
        potato@dsnet.com, linux-gcc@vger.rutgers.edu,
        linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199610100848.JAA08820@snowcrash.cymru.net> from "Alan Cox" at Oct 10, 96 09:48:55 am

 > > Yes. IMO, one should not do that (personally I wouldn't count on the
 > > right thing happening with LD_*, much less any other environment
 > > variables, rlimits, utmp entries, umasks, or what-have-you.)
 > 
 > With ld.so.7.14 the LD_ variables are correctly scrubbed. rlimits can be
 > a problem as sendmail has demonstrated.

If you're writing for multiple platforms you don't *know* the LD_
stuff will get handled right. 

-- 
   - David A. Holland             |    VINO project home page:
     dholland@eecs.harvard.edu    | http://www.eecs.harvard.edu/vino

home help back first fref pref prev next nref lref last post