From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.43) id 1EAIAB-0000iL-U4 for garchives@archives.gentoo.org; Wed, 31 Aug 2005 02:17:20 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j7V2DtSJ016961; Wed, 31 Aug 2005 02:13:55 GMT Received: from ctb-mesg8.saix.net (ctb-mesg8.saix.net [196.25.240.88]) by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j7V2BrR1007197 for ; Wed, 31 Aug 2005 02:11:54 GMT Received: from gateway.lan (wblv-146-203-172.telkomadsl.co.za [165.146.203.172]) by ctb-mesg8.saix.net (Postfix) with ESMTP id 428A836F1 for ; Wed, 31 Aug 2005 04:13:33 +0200 (SAST) Received: from localhost (localhost.localdomain [127.0.0.1]) by gateway.lan (Postfix) with ESMTP id 1392A3A2482 for ; Wed, 31 Aug 2005 03:47:37 +0200 (SAST) Received: from gateway.lan ([127.0.0.1]) by localhost (gateway.lan [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 27184-04 for ; Wed, 31 Aug 2005 03:47:29 +0200 (SAST) Received: from lycan.lan (lycan.lan [192.168.0.5]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by gateway.lan (Postfix) with ESMTP id A2F0A3A23CC for ; Wed, 31 Aug 2005 03:47:29 +0200 (SAST) Subject: Re: [gentoo-dev] Re: init.d-scripts don't see stuff from /etc/profile.env From: Martin Schlemmer To: gentoo-dev@lists.gentoo.org In-Reply-To: <200508302157.52550.vapier@gentoo.org> References: <200508301909.51972.vapier@gentoo.org> <200508302157.52550.vapier@gentoo.org> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-U1wd2heTbNGeyHFgKaOb" Organization: Gentoo Foundation Date: Wed, 31 Aug 2005 04:15:23 +0200 Message-Id: <1125454523.7443.28.camel@lycan.lan> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 X-Mailer: Evolution 2.3.8 X-Virus-Scanned: by amavisd-new using ClamAV at nosferatu.za.org X-Archives-Salt: e27f4841-0e6c-489a-967a-035dd9c14eaa X-Archives-Hash: d790e2fc0009186a40c1d46612a4deff --=-U1wd2heTbNGeyHFgKaOb Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Tue, 2005-08-30 at 21:57 -0400, Mike Frysinger wrote: > On Tuesday 30 August 2005 09:41 pm, Sven K=C3=B6hler wrote: > > > init.d scripts should have a pure env given to them ... which means, = they > > > should be run with `env -i` and have only whitelisted variables given= to > > > them (and everything that appears in /etc/conf.d/$service /etc/conf.d= /rc > > > and /etc/rc.conf) ... > > > > Now that may be too few variables. At least the variable LANG (or > > whatever the system-admin may chose to set) could be seen as a > > system-wide language-setting. It could be intentional, that at least > > some variables are available to the started server-processes. Especiall= y > > a system-wide language-setting would be a good idea. >=20 > that is the point of the whitelist idea ... we gather a 'full=20 > env' (source /etc/profile i guess) and rip out just the whitelisted varia= bles=20 > to pass on to init scripts Although I agree, my personal opinion is that its going to be a major PITA to maintain, and slow things down. Also, not only runscript.sh will have to be 'whitelisted', but also /sbin/rc, which will mean that we now have to wrap two things. I guess a solution could have been to use /sbin/runscript (the C thing) for both (should work fine as /sbin/rc's interpreter as well), as that would buy some speed and kill one bash fork, but the problem comes in when we start with a vanilla environment that do not have /etc/profile sourced. (I guess we could do a function that just unset anything not in the whitelist via a for loop that we call top of /sbin/rc and runscript.sh, but bash for loops is kinda slow anyhow ...) --=20 Martin Schlemmer --=-U1wd2heTbNGeyHFgKaOb Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQBDFRK7qburzKaJYLYRAnLeAJ49ZT9dMgVq4dxHjCesAjkp4FATIACfVeXQ G/6HndYuvyLXMPC7dbqLOY0= =zwFc -----END PGP SIGNATURE----- --=-U1wd2heTbNGeyHFgKaOb-- -- gentoo-dev@gentoo.org mailing list