URL: https://github.com/freeipa/freeipa/pull/204
Title: #204: ipautil.run: Remove hardcoded environ PATH value

mbasti-rh commented:
Can you elaborate more about that attack? Do you have any links to share?
If an attacker has permission to set a user environment variables, IMO the user 
has already lot of problems and it is too late to save that situation.

I did git archaeology and this was the commit where it was added, so it was 
hard to find reason why it was added.

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to