Hello. On Tue, 09 Oct 2012 19:25:29 +0200 "Roberto E. Vargas Caballero" <k...@shike2.com> wrote: > > This patch is fixing something st shouldn’t do. In my environment all > > the environment variables you propose to add are set. That’s something > > the shell should do and not the terminal emulator. A terminal emulator > > should be neutral to this. Sorry, but I think you are fixing something > > at the wrong place in your environment. If this metadata for good old > > style tty’s is needed, well, try to fix this in the existing operating > > systems. > > Relay in correct values of LOGNAME and USER is a security risk. If st > doesn't check against /etc/passwd you can get who(1) shows other user as > connected, for example. Usually these variables are set by login(1), and > like a terminal emulator is doing the login job, setting these variables are > work of st.
How is this a possible security risk? St shouldn’t be used to control login shells. It’s there to show escape sequences jump around on a screen. Sincerely, Christoph Lohmann
