From: Drake Wyrm
To: gentoo-portage-dev@lists.gentoo.org
Subject: [gentoo-portage-dev] Re: Environment Whitelisting
Date: Sun, 21 Aug 2005 20:52:07 -0700
Message-ID: <20050822035207.GA26017@phaenix.haell.com>
In-Reply-To: <4308E349.8010107@egr.msu.edu>

Alec Warner wrote:
> Was talking with Brian about the build environment and how settings
> were to be passed into the build environment.
>
> Essentially three scenarios were presented.
>

Snip and summary:
1) Pass everything
2) Blacklist and strip bad stuff
3) Whitelist good stuff; strip everything else

>
> To me 1) is unacceptable and 3) is the best option. Feel free to
> shoot these down as you see fit ;)

Option 4: Strip everything.

Have portage take a snapshot of the environment and keep it in a hash
(or whatever Python calls associative arrays) when it starts. Nothing
in the environment is to be trusted, so flush it. Portage already
parses certain environment variables to establish the build
environment; have portage parse its snapshot to establish the build
environment. Nothing is passed from the original environment;
everything passed in the environment is considered to be a "portage
variable". This, I suppose, is an extreme case of the whitelist.

I don't particularly like option 4, but it is an option. I much prefer
option 1. It's more work for the maintainers, but breakage from the
environment should be fixed in the Makefile and pushed upstream.

-- 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^ A unix signature isn't a return address, it's the ASCII equivalent of ^
^ a black velvet clown painting. It's a rectangle of carets surrounding ^
^ a quote from a literary giant of weeniedom like Heinlein or Dr. Who.  ^
^                                                        -- Chris Maeda ^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-- 
gentoo-portage-dev@gentoo.org mailing list
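Options 2, 3 and 4 from the message above, side by side, as an added example that is not part of the original post and is not Portage code. The sample environment, the variable lists, the fixed PATH and all function names are assumptions made for illustration.

```python
import re
import subprocess
import sys

# Constructed sample of an inherited environment (not taken from the thread).
SAMPLE_ENV = {
    "PATH": "/home/user/bin:/usr/bin:/bin",
    "CFLAGS": "-O2 -pipe ; stray-token",
    "MAKEFLAGS": "-j4",
    "LD_PRELOAD": "/tmp/constructed-preload.so",
    "GREP_OPTIONS": "--color=always",
}
BLACKLIST = {"LD_PRELOAD", "LD_LIBRARY_PATH"}   # option 2: names known to be bad
WHITELIST = {"PATH", "CFLAGS", "MAKEFLAGS"}     # option 3: names known to be good

def blacklist_env(snapshot):
    """Option 2: anything the list did not anticipate still gets through."""
    return {k: v for k, v in snapshot.items() if k not in BLACKLIST}

def whitelist_env(snapshot):
    """Option 3: only listed names pass, but their values pass unchanged."""
    return {k: v for k, v in snapshot.items() if k in WHITELIST}

def rebuilt_env(snapshot):
    """Option 4: start from an empty environment. The snapshot is only parsed
    as settings; no name or value is copied through unchecked."""
    env = {"PATH": "/usr/sbin:/usr/bin:/sbin:/bin"}  # assumed fixed build PATH
    flags = [t for t in snapshot.get("CFLAGS", "").split()
             if re.fullmatch(r"-[A-Za-z0-9=_.,+-]+", t)]
    env["CFLAGS"] = " ".join(flags) or "-O2"
    jobs = re.fullmatch(r"-j(\d{1,3})", snapshot.get("MAKEFLAGS", ""))
    env["MAKEFLAGS"] = "-j" + (jobs.group(1) if jobs else "1")
    return env

def child_sees(env):
    """Start a child with exactly `env`; return the variable names it reports."""
    code = "import os; print('\\n'.join(os.environ))"
    out = subprocess.run([sys.executable, "-c", code], env=env,
                         capture_output=True, text=True, check=True)
    return set(out.stdout.split())

if __name__ == "__main__":
    snapshot = dict(SAMPLE_ENV)  # real use: dict(os.environ), taken once at startup
    for name, build in [("blacklist", blacklist_env), ("whitelist", whitelist_env),
                        ("rebuilt", rebuilt_env)]:
        print(name, sorted(build(snapshot).items()))
```

The blacklist result still carries GREP_OPTIONS and the whitelist result still carries the caller's PATH value; only the rebuilt environment contains nothing but values the build tool set itself.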