[Freeipa-devel] [freeipa PR#204][comment] ipautil.run: Remove hardcoded environ PATH value
mbasti-rh
freeipa-github-notification at redhat.com
Tue Nov 1 17:55:39 UTC 2016
URL: https://github.com/freeipa/freeipa/pull/204
Title: #204: ipautil.run: Remove hardcoded environ PATH value
mbasti-rh commented:
"""
Can you elaborate more about that attack? Do you have any links to share?
If an attacker has permission to set a user environment variables, IMO the user has already lot of problems and it is too late to save that situation.
I did git archaeology and this was the commit where it was added, so it was hard to find reason why it was added.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/204#issuecomment-257640644
More information about the Freeipa-devel
mailing list