Message-ID: <430A2453.5050008@egr.msu.edu>
Date: Mon, 22 Aug 2005 15:15:31 -0400
From: warnera6
To: gentoo-portage-dev@lists.gentoo.org
Subject: Re: [gentoo-portage-dev] Re: Environment Whitelisting
References: <4308E349.8010107@egr.msu.edu> <20050822035207.GA26017@phaenix.haell.com> <200508222352.13913.jstubbs@gentoo.org> <430A149D.1050907@gmail.com>
In-Reply-To: <430A149D.1050907@gmail.com>

Zac Medico wrote:
> Jason Stubbs wrote:
>> On Monday 22 August 2005 12:52, Drake Wyrm wrote:
>>> Alec Warner wrote:
>>>> Was talking with Brian about the build environment and how settings
>>>> were to be passed into the build environment.
>>>>
>>>> Essentially three scenarios were presented.
>>>
>>> Snip and summary:
>>>
>>> 1) Pass everything
>>> 2) Blacklist and strip bad stuff
>>> 3) Whitelist good stuff; strip everything else
>>>
>>>> To me 1) is unacceptable and 3) is the best option. Feel free to
>>>> shoot these down as you see fit ;)
>>>
>>> Option 4: Strip everything.
>>>
>>> Nothing is passed from the original environment; everything passed in
>>> the environment is considered to be a "portage variable". This, I
>>> suppose, is an extreme case of the whitelist.
>>
>> Well, I'll go against the flow. ;)
>>
>> My preference would go 4, 3, 2 then 1. While Makefiles and configure
>> scripts may be "broken" upstream, how long is it before the breakage
>> goes unnoticed? More importantly, what are the chances of a dev finding
>> the breakage before users? Cleansing the environment to me is akin to
>> using sandbox. It offers protection against misbehaving packages...
>
> Good point. How about if we add environment sandboxing support (in
> addition to filesystem sandboxing) to sandbox. With an environment
> sandbox, we could detect specifically which variables a build is fragile
> with regard to. The sandbox would have both filesystem access and
> environment access violation summaries.

"environmental sandbox" being similar to sandbox, or the cleansing of the
environment? The latter is easy, the former... I am not sure how you begin
to detect variable use in bash :/

I am leaning more toward the 2, 4, 3, 1 angle. I find the information that
variable X breaks builds more useful than having a clean environment ALL
the time. I am satisfied as long as a clean environment is an option for
those who wish their environment to be all nice and pretty ;)

I don't see exactly the difference between 4) and 3) however... 4 seems to
be just a python-enforced version of 3).

-Alec Warner (antarus)
-- 
gentoo-portage-dev@gentoo.org mailing list
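As an added illustration of the four options debated in this thread (not code from the thread or from Portage itself), the Python sketch below applies each filter to a plain environment dict and reports what each one dropped or overrode, in the spirit of the violation summary Zac describes; it also shows that option 4 is a whitelist with no entries. The whitelist, blacklist, Portage variables and sample environment are assumptions made up for the example.

```python
# Added example, not code from the thread or from Portage: the four
# environment-handling options applied to a plain dict so they can be compared.
# Variable lists and the sample environment are constructed assumptions.

# Hypothetical whitelist of user variables a build is allowed to see.
WHITELIST = {"PATH", "HOME", "LANG", "CFLAGS", "CXXFLAGS", "MAKEOPTS"}
# Hypothetical blacklist of variables known to alter how programs load or run.
BLACKLIST = {"LD_PRELOAD", "LD_LIBRARY_PATH", "PYTHONPATH", "BASH_ENV"}
# Values the package manager defines itself; they win over the user's copy.
PORTAGE_VARS = {"PORTDIR": "/usr/portage", "DISTDIR": "/usr/portage/distfiles"}

# Constructed sample of a user's shell environment (values are made up).
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "HOME": "/root",
    "CFLAGS": "-O2",
    "LD_PRELOAD": "/tmp/unexpected.so",
    "MY_CUSTOM_VAR": "1",
    "PORTDIR": "/home/me/overlay",
}


def build_environment(user_env, mode, whitelist=WHITELIST, blacklist=BLACKLIST):
    """Return the environment a build would run with under the given option."""
    if mode == "pass_everything":          # option 1
        env = dict(user_env)
    elif mode == "blacklist":              # option 2
        env = {k: v for k, v in user_env.items() if k not in blacklist}
    elif mode == "whitelist":              # option 3
        env = {k: v for k, v in user_env.items() if k in whitelist}
    elif mode == "strip_everything":       # option 4: a whitelist with no entries
        env = {}
    else:
        raise ValueError("unknown mode: %s" % mode)
    env.update(PORTAGE_VARS)               # portage variables always take precedence
    return env


def violation_summary(user_env, mode, **kw):
    """Report what the filter did: which user variables never reached the
    build, and which ones the package manager's own value overrode."""
    env = build_environment(user_env, mode, **kw)
    dropped = {k for k in user_env if k not in env}
    overridden = {k for k, v in user_env.items()
                  if k in PORTAGE_VARS and PORTAGE_VARS[k] != v}
    return {"dropped": dropped, "overridden": overridden}


if __name__ == "__main__":
    for mode in ("pass_everything", "blacklist", "whitelist", "strip_everything"):
        print(mode, violation_summary(SAMPLE_ENV, mode))
```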