[EMAIL PROTECTED] (Paul Jarc) writes: > I don't know this Hurd stuff very well (or at all, nearly), but in > Unix terms, I'd say whatever code sets uid=euid (if any) in a setuid > situation should take responsibility for clearing dangerous > environment variables (or any other attributes of the process state > inherited from the pre-setuid situation). As long as uid!=euid, > dangerous environment variables can be safely preserved but ignored. > Does the exec server set uid=euid? (Or is that not meaningful in the > Hurd?)
Except that this is totally non-Unix. The kernel does not change your SHELL environment variable when you do a setuid exec, nor should it. It's normally the responsibility of a setuid program to be careful, not the entity that starts it... Whether an environment variable is "dangerous" is a very hard, very non-local thing to determine, in general. That's why a special hack just for EXECSERVERS seems like a mistake. The only reason it comes up is because Unix programs might get run on the Hurd, and they don't know that the Hurd has a *new* dangerous environment variable. _______________________________________________ Bug-hurd mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/bug-hurd
