The unix security model of "you have to know how it works to make it secure" is starting to show it's issues...<p>Clearly, the author of this code thought of environment variables as any other kind of variable - a simple key-value map, which can have any keys and any values.<p>The fact that there are special keys and special values is just insane. Either environment variables should be a general purpose key value map, with no special values, or it should have <i>all</i> special values, pre-allocated keys which don't allow collisions, or not allow custom definitions at all.<p>There are lots of cases of this across unix-like OS's. For example "directories contain a special entry called '..' which goes up a level" or "TCP ports under 1024 are 'special'.<p>This is, in my opinion, poor API design, and we're paying for it now in the form of bugs and security issues.