Steve Lawrence wrote:
> Looks like the environment contained in /etc/default/init is 
> read and set
> by startd and init.  Since zlogin'ed processes are not child 
> of startd or init
> in the zone, they do not have these environment settings.
> Given brands, to fix this, we would need to add a hook that 
> asks the zone:
>     Please fetch me the default login environment.

And hope that the zone adminstrator hasn't figured out a way to violate
security constraints by setting malicious variables in that default
login environment...

Such as a specially-corrupted termcap (pushing data to the global-zone
xterm, for example), or a locale with similar "features"

> It would be similar to the hook that we currently have for 
> fetching the
> passwd entry for a given user.

passwd entries are fairly easy to validate.  Arbitrary environment
variables should not be accepted from an untrusted source.

zones-discuss mailing list

Reply via email to