On Thu, Jan 11, 2007 at 10:58:07AM -0500, Jean-Louis Martineau wrote:
> amanda removes most of the environment variables for security reasons.
> mailx requires the HOME environment variable to find the user's .mailrc file.
> Could you try the attached patch?
> 
> Does someone know if the HOME environment variable can be used to break 
> a suid program?

of course it can!

passing only the MAILRC variable (and leaving HOME unset) might be slightly
safer in this case.

-- 
  Aaron J. Grier | "Not your ordinary poofy goof." | [EMAIL PROTECTED]
              "silly brewer, saaz are for pils!"  --  virt
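
The suggestion above (hand the mailer MAILRC and leave HOME unset), sketched as an added example; this is not part of the thread, the attached patch, or Amanda's source. The helper names `build_mail_env` and `env_has` and the fixed PATH value are assumptions made for illustration.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

static char safe_path[] = "PATH=/usr/bin:/bin";  /* assumed fixed search path */

/* Build a NULL-terminated environment for the mailer child. Nothing is
 * copied from the caller's environment: MAILRC is derived from the passwd
 * home directory and HOME is deliberately left unset.
 * Returns 0 on success, -1 if the directory is unusable. */
int build_mail_env(const char *pw_dir, char *mailrc, size_t len, char *envp[3])
{
    int n;

    if (pw_dir == NULL || pw_dir[0] != '/')
        return -1;                       /* require an absolute path */
    n = snprintf(mailrc, len, "MAILRC=%s/.mailrc", pw_dir);
    if (n < 0 || (size_t)n >= len)
        return -1;                       /* truncated: refuse rather than guess */
    envp[0] = safe_path;
    envp[1] = mailrc;
    envp[2] = NULL;
    return 0;
}

/* Return 1 if NAME= appears in a NULL-terminated envp array, else 0. */
int env_has(char *const envp[], const char *name)
{
    size_t n = strlen(name);

    for (; *envp != NULL; envp++)
        if (strncmp(*envp, name, n) == 0 && (*envp)[n] == '=')
            return 1;
    return 0;
}

int main(void)
{
    char mailrc[4096];
    char *envp[3];
    struct passwd *pw = getpwuid(getuid());  /* passwd entry, not $HOME */

    if (pw == NULL ||
        build_mail_env(pw->pw_dir, mailrc, sizeof mailrc, envp) != 0)
        return 1;
    for (char **e = envp; *e != NULL; e++)
        puts(*e);
    /* A real caller would now fork and execve() the mailer with envp. */
    return 0;
}
```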
