|
|
Steve Lawrence wrote:
> Looks like the environment contained in /etc/default/init is
> read and set
> by startd and init. Since zlogin'ed processes are not child
> of startd or init
> in the zone, they do not have these environment settings.
>
> Given brands, to fix this, we would need to add a hook that
> asks the zone:
>
> Please fetch me the default login environment.
And hope that the zone adminstrator hasn't figured out a way to violate
security constraints by setting malicious variables in that default
login environment...
Such as a specially-corrupted termcap (pushing data to the global-zone
xterm, for example), or a locale with similar "features"
>
> It would be similar to the hook that we currently have for
> fetching the
> passwd entry for a given user.
passwd entries are fairly easy to validate. Arbitrary environment
variables should not be accepted from an untrusted source.
--Joe
_______________________________________________
zones-discuss mailing list
zones-discuss@xxxxxxxxxxxxxxx
|
|