TZ environment variable
Garrett Wollman
wollman at csail.mit.edu
Tue May 10 14:30:51 UTC 2005
<<On Mon, 09 May 2005 20:55:19 -0700, Paul Eggert <eggert at CS.UCLA.EDU> said:
> Another check, which Garrett Wollman alluded to, is that the GMT
> offset should be "sane". For example, it's reasonable to reject
> settings like TZ="XXX9999999999".
It's not enough that it be "sane"; for security-sensitive
applications, it must also be "correct" (meaning what system
administrators expect). This is why I advocate undefining (or
ignoring) TZ in such programs, and why the System V model is
defective. (Thankfully, POSIX gives us an escape hatch, by leaving
the question of a system default timezone implementation-defined.)
-GAWollman
More information about the tz
mailing list