On Sun, 15 Jan 2012 22:30:31 MST, Theo de Raadt wrote:
> > you forgot https_proxy and no_proxy...
> >
> > however, I'm against this change since it allows a user to redirect a program
> > they need privileges to use to an arbitrary proxy they specify, something
> > there is no good mitigation against.
>
> Indeed. That's right, isn't it Todd?
>
> The whole idea here was to not permit what you are trying to do.
I don't think it is a good idea to preserve those for everyone. If
someone needs it on a per-user basis it is easy enough to do.
We could include a commented-out entry like:
    #Defaults:%wheel env_keep += "ftp_proxy http_proxy"
that is wheel-only.
- todd
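
An audit check for the policy discussed in this thread, added here as an example and not part of the original messages or of sudo itself: it scans sudoers text for `env_keep` entries that preserve the proxy variables named above and reports whether each is global or bound to a user or group. The function names and the sample sudoers text are constructed for illustration; `#include` handling and alias expansion are assumed out of scope.

```python
import re

PROXY_VARS = {"ftp_proxy", "http_proxy", "https_proxy", "no_proxy"}

# "Defaults", optionally bound with : (users) @ (hosts) > (runas) ! (commands)
DEFAULTS_RE = re.compile(r'^Defaults(?:([:@>!])\s*(\S+))?\s+(.*)$')
# env_keep assigned with = or += (removals with -= are not findings)
ENV_KEEP_RE = re.compile(r'\benv_keep\s*(\+?=)\s*(?:"([^"]*)"|(\S+))')

def logical_lines(text):
    """Join backslash-continued lines, then drop blanks and comments."""
    for line in re.sub(r'\\\n', '', text).splitlines():
        line = line.strip()
        if line and not line.startswith('#'):
            yield line

def audit_env_keep(text):
    """Return (scope, variable) pairs for proxy variables sudo would keep."""
    findings = []
    for line in logical_lines(text):
        m = DEFAULTS_RE.match(line)
        if not m:
            continue
        binding, target, settings = m.groups()
        scope = "global" if binding is None else binding + target
        for _, quoted, bare in ENV_KEEP_RE.findall(settings):
            for var in (quoted or bare).split():
                if var.lower() in PROXY_VARS:
                    findings.append((scope, var))
    return findings

def global_proxy_keeps(text):
    """Proxy variables preserved for every user, the case argued against."""
    return [var for scope, var in audit_env_keep(text) if scope == "global"]

# Constructed sample sudoers content, not taken from any real system.
SAMPLE = '''\
Defaults env_reset
Defaults env_keep += "DISPLAY http_proxy \\
    ftp_proxy"
#Defaults:%wheel env_keep += "ftp_proxy http_proxy"
Defaults:%wheel env_keep += "https_proxy"
Defaults env_keep -= "no_proxy"
'''

if __name__ == "__main__":
    for scope, var in audit_env_keep(SAMPLE):
        print(f"{scope:10} keeps {var}")
```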