Greetings. On Tue, 09 Oct 2012 19:31:50 +0200 "Roberto E. Vargas Caballero" <k...@shike2.com> wrote: > > > > Relay in correct values of LOGNAME and USER is a security risk. If st > > doesn't check against /etc/passwd you can get who(1) shows other user as > > connected, for example. Usually these variables are set by login(1), and > > like a terminal emulator is doing the login job, setting these variables are > > work of st. > > And if SHELL is not set, st before this patch segfault.
Actually, this is a simple check to just use »/bin/sh«. Which environ‐ ment today does not have SHELL set? Sincerely, Christoph Lohmann
