Message-ID: <430A149D.1050907@gmail.com>
Date: Mon, 22 Aug 2005 11:08:29 -0700
From: Zac Medico
To: gentoo-portage-dev@lists.gentoo.org
Subject: Re: [gentoo-portage-dev] Re: Environment Whitelisting
References: <4308E349.8010107@egr.msu.edu> <20050822035207.GA26017@phaenix.haell.com> <200508222352.13913.jstubbs@gentoo.org>
In-Reply-To: <200508222352.13913.jstubbs@gentoo.org>

Jason Stubbs wrote:
> On Monday 22 August 2005 12:52, Drake Wyrm wrote:
>
>> Alec Warner wrote:
>>
>>> Was talking with Brian about the build environment and how settings
>>> were to be passed into the build environment.
>>>
>>> Essentially three scenarios were presented.
>>
>> Snip and summary:
>>
>> 1) Pass everything
>>
>> 2) Blacklist and strip bad stuff
>>
>> 3) Whitelist good stuff; strip everything else
>>
>>
>>> To me 1) is unacceptable and 3) is the best option. Feel free to
>>> shoot these down as you see fit ;)
>>
>> Option 4: Strip everything.
>>
>> Nothing is passed from the original environment; everything passed in the
>> environment is considered to be a "portage variable". This, I suppose,
>> is an extreme case of the whitelist.
>
>
> Well, I'll go against the flow. ;)
>
> My preference would go 4, 3, 2 then 1. While Makefiles and configure scripts
> may be "broken" upstream, how long is it before the breakage goes
> unnoticed? More importantly, what are the chances of a dev finding the
> breakage before users? Cleansing the environment to me is akin to using
> sandbox. It offers protection against misbehaving packages...
>

Good point. How about if we add environment sandboxing support (in addition to filesystem sandboxing) to sandbox? With an environment sandbox, we could detect specifically which variables a build is fragile with regard to. The sandbox would have both filesystem access and environment access violation summaries.

Zac
-- 
gentoo-portage-dev@gentoo.org mailing list
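The four options from the thread side by side, as an added example that is not Portage's code or anyone's on the list: each strategy is applied to a constructed parent environment, and `inherited()` reports which variables reached the build unchanged from the caller's shell, the set a build could turn out to be fragile with regard to. The variable names, the allow/deny lists and the Portage-set values are assumptions made up for the example.

```python
# Constructed parent environment, as a user's shell might hand it to emerge.
PARENT_ENV = {
    "PATH": "/usr/bin:/bin",
    "HOME": "/home/user",
    "TERM": "xterm",
    "CFLAGS": "-O3 -march=native",   # would silently override the profile
    "CC": "clang",                   # not on the blacklist: slips through option 2
    "LD_LIBRARY_PATH": "/opt/lib",   # can make configure pick up the wrong libs
    "PYTHONPATH": "/home/user/py",   # can break python-based build tools
}

# Assumed variables Portage sets for the build itself; these always win.
PORTAGE_VARS = {"CFLAGS": "-O2 -pipe", "PORTAGE_TMPDIR": "/var/tmp/portage"}

# Assumed allow/deny lists for options 3 and 2.
WHITELIST = {"PATH", "HOME", "TERM"}
BLACKLIST = {"LD_LIBRARY_PATH", "PYTHONPATH"}

def pass_everything(parent, portage_vars):
    """Option 1: inherit the whole parent environment."""
    return {**parent, **portage_vars}

def blacklist(parent, portage_vars, denied=BLACKLIST):
    """Option 2: drop known-bad names, keep everything else."""
    return {**{k: v for k, v in parent.items() if k not in denied}, **portage_vars}

def whitelist(parent, portage_vars, allowed=WHITELIST):
    """Option 3: keep only known-good names, drop everything else."""
    return {**{k: v for k, v in parent.items() if k in allowed}, **portage_vars}

def strip_everything(parent, portage_vars):
    """Option 4: nothing inherited; every variable is a Portage variable."""
    return dict(portage_vars)

def inherited(build_env, parent, portage_vars):
    """Names whose value reached the build unchanged from the parent shell:
    the variables a build could turn out to be fragile with regard to."""
    return sorted(k for k, v in build_env.items()
                  if k not in portage_vars and parent.get(k) == v)

def report(parent=PARENT_ENV, portage_vars=PORTAGE_VARS):
    """Strategy name -> inherited names, so the four options can be compared."""
    strategies = {"1-pass": pass_everything, "2-blacklist": blacklist,
                  "3-whitelist": whitelist, "4-strip": strip_everything}
    return {name: inherited(fn(parent, portage_vars), parent, portage_vars)
            for name, fn in strategies.items()}

if __name__ == "__main__":
    for name, names in report().items():
        print(f"{name:12} inherits {names}")
```

Running it shows the blacklist's weakness Jason alludes to: `CC` is not on the deny list, so option 2 passes it through while options 3 and 4 do not.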