Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!wuarchive!husc6!cmcl2!kramden.acf.nyu.edu!brnstnd
From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
Newsgroups: comp.unix.wizards
Subject: Re: SunOS and shared libraries, security aspects
Message-ID: <5643:Sep122:09:4190@kramden.acf.nyu.edu>
Date: 1 Sep 90 22:09:41 GMT
References: <1990Aug27.171211.16272@maverick.ksu.ksu.edu> <1990Aug29.033933.10062@santra.uucp> <3991@auspex.auspex.com>
Distribution: usa
Organization: IR
Lines: 11

In article <3991@auspex.auspex.com> guy@auspex.auspex.com (Guy Harris) writes:
> The fix ain't to
> change "ld.so"s rules for when it should honor LD_LIBRARY_PATH, it's to
> change "login" to be more selective about which environment variables
> it'll pass through.

Rather, it's to make login non-setuid in the first place. The only time
login should run as root is from a controlled daemon, such as telnetd or
getty.

---Dan
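
Added example, not part of the original post and not taken from any login source: the selective pass-through proposed in the quoted article, written as an allowlist filter a privileged program could apply to its environment before exec. The allowlist contents (TERM, TZ) and the names keep_vars, allowed_name_len and filter_env are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed allowlist; the thread does not say which variables login should keep. */
static const char *const keep_vars[] = { "TERM", "TZ", NULL };

/* Length of NAME if entry is "NAME=value" with NAME on the allowlist, else 0. */
static size_t allowed_name_len(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t n, i;

    if (eq == NULL || eq == entry)
        return 0;                       /* malformed entry: drop it */
    n = (size_t)(eq - entry);
    for (i = 0; keep_vars[i] != NULL; i++)
        if (strlen(keep_vars[i]) == n && strncmp(entry, keep_vars[i], n) == 0)
            return n;                   /* exact match, so TERMCAP is not TERM */
    return 0;
}

/* Build a new NULL-terminated environment with only allowlisted entries.
   The first occurrence of a name wins; later duplicates are dropped.
   Returns NULL on allocation failure. Caller frees the array, not the strings. */
char **filter_env(char *const envp[])
{
    size_t count = 0, kept = 0, i, j, n;
    char **out;

    while (envp[count] != NULL)
        count++;
    out = malloc((count + 1) * sizeof *out);
    if (out == NULL)
        return NULL;
    for (i = 0; i < count; i++) {
        if ((n = allowed_name_len(envp[i])) == 0)
            continue;                   /* LD_LIBRARY_PATH and the rest stop here */
        for (j = 0; j < kept; j++)
            if (strncmp(out[j], envp[i], n + 1) == 0)   /* same "NAME=" prefix */
                break;
        if (j == kept)
            out[kept++] = envp[i];
    }
    out[kept] = NULL;
    return out;
}
```

The returned array is meant to be handed to execve() as the new environment, so anything not named on the allowlist never reaches the dynamic linker of the program being started.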