undefined | Better HN

0 pointsDylan168079mo ago0 comments

Relax, someone else already explained it without shouting.

0 comments

At the time they hadn't and I'm fed up of the jumping to conclusions that env vars are the cause of any security issue. This is blaming poor code from poor devs on expert features from UNIX all to often.

Worrying when said person has authored a widely used security product(!). This is a bad trend in the industry that needs to stop.

Dylan16807OP9mo ago

> At the time they hadn't

Their comment was before yours.

rob_c9mo ago

if that's the comment you mean, it also misses the point

1 more reply

mkj9mo ago

I'll say it again - environment variables or pam_env aren't expert features - they're primitive. They were a contributing factor in the first privilege escalation.

rob_c9mo ago

Hardly, it's a minor coding bug to do with defaults.

j / k navigate · click thread line to collapse

0 comments

rob_c9mo ago

Worrying when said person has authored a widely used security product(!). This is a bad trend in the industry that needs to stop.

Dylan16807OP9mo ago

> At the time they hadn't

Their comment was before yours.

rob_c9mo ago

if that's the comment you mean, it also misses the point

1 more reply

mkj9mo ago

I'll say it again - environment variables or pam_env aren't expert features - they're primitive. They were a contributing factor in the first privilege escalation.

rob_c9mo ago

Hardly, it's a minor coding bug to do with defaults.

j / k navigate · click thread line to collapse