A security hole (/bin/sh IFS)

[Chris Torek]

Incidentally, note that the 4.3BSD /bin/sh does not import IFS from
the environment (like Doug Gwyn's BRL sh), except that it does this
*only* if you are root or if geteuid()!=getuid().  (Making it an exception
for root/setuid is, I think, bogus.)
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain:	chris at mimsy.umd.edu	Path:	uunet!mimsy!chris