cron source code says:
    /* Set user's entire context, but skip the environment
     * as cron provides a separate interface for this
The fact that environment variables can be set in the crontab doesn't justify ignoring login.conf; it just introduces usability obstacles by requiring duplicate settings everywhere. cron should respect all parts of the user's login class, not pick and choose.
Changing cron's treatment of the environment would be a POLA violation with possible security consequences. Please don't.
(In reply to Bob Bishop from comment #1)
There's more to security than blowing away the environment everywhere; it's also important to allow necessary settings to be made in a centralized and trusted place.
Back in the day (I've been using Unix in one form or another for 30+ years and administering it for 25+; I'm not new at this) when environment variables were things you set in commands in your .profile, it was reasonable for cron to ignore that and start from scratch. But the existence of login.conf changes that logic.
My argument is that the POLA violation goes the other way: that any time that values in login.conf are *not* respected is surprising.
(In reply to andrew from comment #2)
I've been around the block a few times also :-)
I'm content to disagree on this; let's see what other people think.
My concrete proposal to address this is now up at https://reviews.freebsd.org/D21481