Re: [dev] Adding utmpx stuff

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Christoph Lohmann <20h_AT_r-36.net>
Date: Tue, 09 Oct 2012 19:25:29 +0200

Hello.

On Tue, 09 Oct 2012 19:25:29 +0200 "Roberto E. Vargas Caballero" <k0ga_AT_shike2.com> wrote:
> > This patch is fixing something st shouldn’t do. In my environment all
> > the environment variables you propose to add are set. That’s something
> > the shell should do and not the terminal emulator. A terminal emulator
> > should be neutral to this. Sorry, but I think you are fixing something
> > at the wrong place in your environment. If this metadata for good old
> > style tty’s is needed, well, try to fix this in the existing operating
> > systems.
>
> Relay in correct values of LOGNAME and USER is a security risk. If st
> doesn't check against /etc/passwd you can get who(1) shows other user as
> connected, for example. Usually these variables are set by login(1), and
> like a terminal emulator is doing the login job, setting these variables are
> work of st.

How is this a possible security risk? St shouldn’t be used to control
login shells. It’s there to show escape sequences jump around on a
screen.

Sincerely,

Christoph Lohmann
Received on Tue Oct 09 2012 - 19:25:29 CEST

This archive was generated by hypermail 2.3.0 : Tue Oct 09 2012 - 19:36:09 CEST