summaryrefslogtreecommitdiff
path: root/doc/pty/README.expect
diff options
context:
space:
mode:
authorJeremy Evans <code@jeremyevans.net>2022-08-24 11:38:17 -0700
committergit <svn-admin@ruby-lang.org>2022-09-28 17:26:03 +0900
commitcd77e71bbac9616a906f6823a8eba4922821e9ad (patch)
treefe505e404f4cb43c3b717bd26e9b1522bb9b5f82 /doc/pty/README.expect
parentb58710e006e71359650240d9de467bd4212435c6 (diff)
[ruby/net-http] Remove ENVIRONMENT_VARIABLE_IS_MULTIUSER_SAFEHEADmaster
This list is out of date. At least OpenBSD since 2013 does not allow one user to read the environment variables of a process run by another user. While we could try to keep the list updated, I think it's a bad idea to not use the user/password from the environment, even if another user on the system could read it. If http_proxy exists in the environment, and other users can read it, it doesn't make it more secure for Ruby to ignore it. You could argue that it encourages poor security practices, but net/http should provide mechanism, not policy. Fixes [Bug #18908] https://github.com/ruby/net-http/commit/1e4585153d
Diffstat (limited to 'doc/pty/README.expect')
0 files changed, 0 insertions, 0 deletions