Disable environment settings
Michael ODonnell
michael.odonnell at comcast.net
Thu May 29 16:18:17 EDT 2008
> Is there a way to prevent them from being able to manually
> change certain environment variables
Basically, no. The "environment" is just a bunch of NULL
terminated strings and there's nothing sacred or special
about any of them. The various flavors of the exec() syscall
just blindly accept and propagate whatever they're handed as
the environment by whatever process is making the syscall,
so you'd have to either change the operation of the syscall
or somehow ensure that any program that exec'd another was
willing to preserve the variables you wanted to be Read-Only...
More information about the gnhlug-discuss
mailing list