Roland McGrath <[EMAIL PROTECTED]> wrote: >> Anyhow, the point is a good one with respect to environment variables, >> and perhaps we should enable EXECSERVERS with the suggested tweak, >> that it is off for secure exec and for euid!=ruid. > > EXECSERVERS has to be excised from the environment, not just ignored.
If it is ignored both for secure exec and when euid!=ruid already, then AFAICT, the only remaining problem case (assuming it is not excised) is a program running in a setuid situation that tries to sanitize its environment, etc., sets ruid=euid, and then runs another program. Such a sanitizer is probably already insecure, even on Unix, since it cannot in general predict what needs to be sanitized for the sake of other programs. (Or if it is secure on Unix, that's probably because it removes all environment variables it doesn't specifically recognize, which would include EXECSERVERS.) I don't think it would be any more vulnerable on the Hurd. Are any such programs even known to exist? su sets ruid=euid, but only after the user has authenticated, in which case I think it's ok keep EXECSERVERS. paul _______________________________________________ Bug-hurd mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/bug-hurd
