URL: https://github.com/freeipa/freeipa/pull/204 Title: #204: ipautil.run: Remove hardcoded environ PATH value
mbasti-rh commented: """ Can you elaborate more about that attack? Do you have any links to share? If an attacker has permission to set a user environment variables, IMO the user has already lot of problems and it is too late to save that situation. I did git archaeology and this was the commit where it was added, so it was hard to find reason why it was added. """ See the full comment at https://github.com/freeipa/freeipa/pull/204#issuecomment-257640644
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
