> > Relay in correct values of LOGNAME and USER is a security risk. If st > doesn't check against /etc/passwd you can get who(1) shows other user as > connected, for example. Usually these variables are set by login(1), and > like a terminal emulator is doing the login job, setting these variables are > work of st.
And if SHELL is not set, st before this patch segfault.