[Pkg-shadow-devel] Bug#857803: Bug#857803: shadow: Make the sp_lstchg shadow field reproducible.

Chris Lamb lamby at debian.org
Sun Apr 9 13:51:50 UTC 2017

Hi Serge,

> > > looks ok to me, although, would it be better to fall back to time(NULL)
> > > if the env variable is invalid?
> > 
> > In my experience it is far superior to explicitly error out in this
> > situation.
> My concern is unprivileged users causing unexpected failure in a more
> privileged script or program by setting an invalid environment variable.

I hadn't considered that until now. However, I think you have bigger
problems if you can do that (eg. manipulate PATH!) and tools generally
do the right thing these days with respect to cleaning the environment
(eg. sudo).


     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org / chris-lamb.co.uk

More information about the Pkg-shadow-devel mailing list