The unix security model of "you have to know how it works to make it secure" is starting to show its issues...
Clearly, the author of this code thought of environment variables as any other kind of variable - a simple key-value map, which can have any keys and any values.
The fact that there are special keys and special values is just insane. Either environment variables should be a general purpose key-value map, with no special values, or it should have all special values, pre-allocated keys which don't allow collisions, or not allow custom definitions at all.
There are lots of cases of this across unix-like OSes. For example "directories contain a special entry called '..' which goes up a level" or "TCP ports under 1024 are 'special'".
This is, in my opinion, poor API design, and we're paying for it now in the form of bugs and security issues.