[7131] in bugtraq


Re: Environment variables (SECURITY: too many new packages)

daemon@ATHENA.MIT.EDU (Pavel Kankovsky)
Wed Jul 1 13:17:09 1998

Date: 	Wed, 1 Jul 1998 10:49:29 +0200
Reply-To: peak@kerberos.troja.mff.cuni.cz
From: Pavel Kankovsky <peak@KERBEROS.TROJA.MFF.CUNI.CZ>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <m0yrA2N-000aOnC@the-village.bc.nu>

On Wed, 1 Jul 1998, Alan Cox wrote:

> Bugtraq readers who haven't been following the Linux security audit
> project (from whence most of the Red Hat fixes came - and other vendors
> will I assume be issuing identical updates) might like to take a look
> at how their own OS handles pointing the following at files only root
> can read and running setuid apps. (or setgid usage in some cases such as
> Mutt)
>         TZ
>         TERMINFO
>         TERMCAP

Add LANG, all LC_*, and various LD_* (esp. LD_*_OUTPUT) to the list.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"You can't be truly paranoid unless you're sure they have already got you."

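An added example, not part of the original message: a C routine that a setuid or setgid program could call at the very start of main() to drop the variables named in this thread (TZ, TERMINFO, TERMCAP, LANG, LC_*, LD_*) before any library code reads them. The names `is_risky` and `scrub_env` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Variables named in this thread; LC_ and LD_ are matched as prefixes. */
static const char *const exact_names[] = { "TZ", "TERMINFO", "TERMCAP", "LANG", NULL };
static const char *const name_prefixes[] = { "LC_", "LD_", NULL };

/* entry is "NAME=value" (or a bare NAME); returns 1 if NAME is on the list. */
int is_risky(const char *entry)
{
    size_t nlen = strcspn(entry, "=");
    size_t i;

    for (i = 0; exact_names[i]; i++)
        if (strlen(exact_names[i]) == nlen && strncmp(entry, exact_names[i], nlen) == 0)
            return 1;
    for (i = 0; name_prefixes[i]; i++) {
        size_t plen = strlen(name_prefixes[i]);
        if (nlen >= plen && strncmp(entry, name_prefixes[i], plen) == 0)
            return 1;
    }
    return 0;
}

/* Compact environ in place, dropping every listed entry (duplicates too).
 * Returns the number of entries removed. */
int scrub_env(void)
{
    char **src, **dst;
    int removed = 0;

    if (environ == NULL)
        return 0;
    for (src = dst = environ; *src; src++) {
        if (is_risky(*src))
            removed++;
        else
            *dst++ = *src;
    }
    *dst = NULL;
    return removed;
}

int main(void)
{
    /* Call before setlocale(), tzset(), curses init or any exec. */
    printf("removed %d environment entries\n", scrub_env());
    return 0;
}
```

The dynamic linker reads LD_* before main() runs, so this scrub only protects later library calls and child processes; ignoring LD_* for setuid binaries at load time is the loader's job.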