Re: [dev] Adding utmpx stuff

From: Christoph Lohmann <20h_AT_r-36.net>
Date: Tue, 09 Oct 2012 19:31:50 +0200

Greetings.

On Tue, 09 Oct 2012 19:31:50 +0200 "Roberto E. Vargas Caballero" <k0ga_AT_shike2.com> wrote:
> >
> > Relay in correct values of LOGNAME and USER is a security risk. If st
> > doesn't check against /etc/passwd you can get who(1) shows other user as
> > connected, for example. Usually these variables are set by login(1), and
> > like a terminal emulator is doing the login job, setting these variables are
> > work of st.
>
> And if SHELL is not set, st before this patch segfault.

Actually, this is a simple check to just use »/bin/sh«. Which environ‐
ment today does not have SHELL set?


Sincerely,

Christoph Lohmann
Received on Tue Oct 09 2012 - 19:31:50 CEST

This archive was generated by hypermail 2.3.0 : Tue Oct 09 2012 - 19:48:02 CEST