| 1 |
On Tue, 2005-08-30 at 21:57 -0400, Mike Frysinger wrote: |
| 2 |
> On Tuesday 30 August 2005 09:41 pm, Sven Köhler wrote: |
| 3 |
> > > init.d scripts should have a pure env given to them ... which means, they |
| 4 |
> > > should be run with `env -i` and have only whitelisted variables given to |
| 5 |
> > > them (and everything that appears in /etc/conf.d/$service /etc/conf.d/rc |
| 6 |
> > > and /etc/rc.conf) ... |
| 7 |
> > |
| 8 |
> > Now that may be too few variables. At least the variable LANG (or |
| 9 |
> > whatever the system-admin may chose to set) could be seen as a |
| 10 |
> > system-wide language-setting. It could be intentional, that at least |
| 11 |
> > some variables are available to the started server-processes. Especially |
| 12 |
> > a system-wide language-setting would be a good idea. |
| 13 |
> |
| 14 |
> that is the point of the whitelist idea ... we gather a 'full |
| 15 |
> env' (source /etc/profile i guess) and rip out just the whitelisted variables |
| 16 |
> to pass on to init scripts |
| 17 |
|
| 18 |
Although I agree, my personal opinion is that its going to be a major |
| 19 |
PITA to maintain, and slow things down. Also, not only runscript.sh |
| 20 |
will have to be 'whitelisted', but also /sbin/rc, which will mean that |
| 21 |
we now have to wrap two things. I guess a solution could have been to |
| 22 |
use /sbin/runscript (the C thing) for both (should work fine |
| 23 |
as /sbin/rc's interpreter as well), as that would buy some speed and |
| 24 |
kill one bash fork, but the problem comes in when we start with a |
| 25 |
vanilla environment that do not have /etc/profile sourced. |
| 26 |
|
| 27 |
(I guess we could do a function that just unset anything not in the |
| 28 |
whitelist via a for loop that we call top of /sbin/rc and runscript.sh, |
| 29 |
but bash for loops is kinda slow anyhow ...) |
| 30 |
|
| 31 |
|
| 32 |
-- |
| 33 |
Martin Schlemmer |
Archives