From: Marius Mauch
To: gentoo-portage-dev@lists.gentoo.org
Subject: Re: [gentoo-portage-dev] Environment Whitelisting
Date: Mon, 22 Aug 2005 23:33:23 +0200

On 08/21/05 Alec Warner wrote:

> Was talking with Brian about the build environment and how settings
> were to be passed into the build environment.
>
> Essentially three scenarios were presented.
>
> 1) The full environment is passed to the build environment. This was
> generally agreed upon to be bad since there are environmental things
> that can cause build problems.
>
> 2) The full environment is parsed via a blacklist to strip out
> environment settings that are known to be bad for building packages.
> This leads to a clean* build environment. However, maintaining the
> blacklist can be a challenge if it grows in size.
>
> (*) clean, meaning all the bad things we know about are not in the
> build environment. This does not account for the bad things we do NOT
> know about.
>
> 3) The full environment is parsed via a whitelist to get a list of
> environment settings that are known to be good for building packages.
> This leads to a clean build environment, as only whitelisted
> environment settings are passed in. However, the whitelist will
> probably be worse to maintain than a blacklist.
>
> Both 2) and 3) above have issues where some build variables are bad
> for ebuild X but not ebuild Y. I am unsure how exactly to cover any
> kind of situation like that (and I don't have an example from the
> tree, save perhaps LANG=weird-language).
>
> To me 1) is unacceptable and 3) is the best option. Feel free to
> shoot these down as you see fit ;)

Well, codewise 2) and 3) aren't that different (one is just the
inversion of the other), so why not implement both, make a config
setting for it and get empirical data to find the "best" solution?
Actually don't even need a config switch, just detect if a blacklist or
a whitelist is present and use them then.
Theoretical discussions about this are pointless IMO without
numbers/facts to back things up.

Marius

-- 
Public Key at http://www.genone.de/info/gpg-key.pub

In the beginning, there was nothing. And God said, 'Let there be
Light.' And there was still nothing, but you could see a bit better.

-- 
gentoo-portage-dev@gentoo.org mailing list
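
The three scenarios from this thread, and the "use whichever list is present" switch, sketched as an added example; this is not Portage code and not code posted by anyone in the thread. The variable names, the list contents and the choice to apply both lists when both exist are assumptions made for illustration, and the sample environment is constructed.

```python
import fnmatch

# Constructed sample environment; LANG=weird-language is the thread's own example.
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "HOME": "/root",
    "CFLAGS": "-O2",
    "LANG": "weird-language",
    "LD_PRELOAD": "/tmp/x.so",
    "GREP_OPTIONS": "--color=always",
    "PERL5LIB": "/home/u/perl",
}
# Hypothetical lists of glob patterns (assumed, not taken from Portage).
BLACKLIST = ["LD_*", "GREP_OPTIONS"]
WHITELIST = ["PATH", "HOME", "*FLAGS"]


def _matches(name, patterns):
    return any(fnmatch.fnmatchcase(name, p) for p in patterns)


def filter_env(env, whitelist=None, blacklist=None):
    """Return the environment handed to the build.

    A list set to None counts as "not present". No list: scenario 1, the
    full environment. Blacklist only: scenario 2, default allow.
    Whitelist only: scenario 3, default deny. Both: whitelist first, then
    the blacklist removes anything it names (an assumption of this sketch).
    """
    kept = dict(env)
    if whitelist is not None:
        kept = {k: v for k, v in kept.items() if _matches(k, whitelist)}
    if blacklist is not None:
        kept = {k: v for k, v in kept.items() if not _matches(k, blacklist)}
    return kept


def blacklist_leaks(env, whitelist, blacklist):
    """Names the blacklist passes that the whitelist would have dropped:
    the "bad things we do NOT know about" candidates worth counting."""
    passed_black = set(filter_env(env, blacklist=blacklist))
    passed_white = set(filter_env(env, whitelist=whitelist))
    return sorted(passed_black - passed_white)


if __name__ == "__main__":
    print("blacklist only:", sorted(filter_env(SAMPLE_ENV, blacklist=BLACKLIST)))
    print("whitelist only:", sorted(filter_env(SAMPLE_ENV, whitelist=WHITELIST)))
    print("differs:", blacklist_leaks(SAMPLE_ENV, WHITELIST, BLACKLIST))
```

Running `blacklist_leaks` over real build hosts gives the kind of numbers the reply asks for: how many variables each policy passes and which ones only the blacklist lets through.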