May 10, 2005
2:30 p.m.
<<On Mon, 09 May 2005 20:55:19 -0700, Paul Eggert <eggert@CS.UCLA.EDU> said:
Another check, which Garrett Wollman alluded to, is that the GMT offset should be "sane". For example, it's reasonable to reject settings like TZ="XXX9999999999".
It's not enough that it be "sane"; for security-sensitive applications, it must also be "correct" (meaning what system administrators expect). This is why I advocate undefining (or ignoring) TZ in such programs, and why the System V model is defective. (Thankfully, POSIX gives us an escape hatch, by leaving the question of a system default timezone implementation-defined.) -GAWollman