Steve Lawrence wrote:
> Looks like the environment contained in /etc/default/init is
> read and set
> by startd and init. Since zlogin'ed processes are not child
> of startd or init
> in the zone, they do not have these environment settings.
> Given brands, to fix this, we would need to add a hook that
> asks the zone:
> Please fetch me the default login environment.
And hope that the zone adminstrator hasn't figured out a way to violate
security constraints by setting malicious variables in that default
Such as a specially-corrupted termcap (pushing data to the global-zone
xterm, for example), or a locale with similar "features"
> It would be similar to the hook that we currently have for
> fetching the
> passwd entry for a given user.
passwd entries are fairly easy to validate. Arbitrary environment
variables should not be accepted from an untrusted source.
zones-discuss mailing list