On Tue, 2005-08-30 at 21:57 -0400, Mike Frysinger wrote:
> On Tuesday 30 August 2005 09:41 pm, Sven Köhler wrote:
> > > init.d scripts should have a pure env given to them ... which means, they
> > > should be run with `env -i` and have only whitelisted variables given to
> > > them (and everything that appears in /etc/conf.d/$service /etc/conf.d/rc
> > > and /etc/rc.conf) ...
> >
> > Now that may be too few variables. At least the variable LANG (or
> > whatever the system-admin may choose to set) could be seen as a
> > system-wide language-setting. It could be intentional that at least
> > some variables are available to the started server-processes. Especially
> > a system-wide language-setting would be a good idea.
>
> that is the point of the whitelist idea ... we gather a 'full
> env' (source /etc/profile I guess) and rip out just the whitelisted variables
> to pass on to init scripts

Although I agree, my personal opinion is that it's going to be a major
PITA to maintain, and slow things down. Also, not only runscript.sh
will have to be 'whitelisted', but also /sbin/rc, which will mean that
we now have to wrap two things. I guess a solution could have been to
use /sbin/runscript (the C thing) for both (should work fine
as /sbin/rc's interpreter as well), as that would buy some speed and
kill one bash fork, but the problem comes in when we start with a
vanilla environment that does not have /etc/profile sourced.

(I guess we could do a function that just unsets anything not in the
whitelist via a for loop that we call at the top of /sbin/rc and runscript.sh,
but bash for loops are kinda slow anyhow ...)


--
Martin Schlemmer
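The whitelist-and-unset approach sketched in the thread, written out as an added example (this is not baselayout code and not from any poster): a base whitelist is extended with the names assigned in the service's conf.d file, then everything else exported is unset before the init script runs. The whitelist contents, the sed-based parsing of conf files and the function names are assumptions for this example.

```shell
#!/bin/sh
# Base whitelist of variables allowed through to init scripts (assumed list).
RC_ENV_WHITELIST="PATH HOME TERM LANG LC_ALL"

# conf_var_names FILE: print the names assigned at the start of a line in a
# shell-style conf file such as /etc/conf.d/$service or /etc/rc.conf.
# Comment lines and anything not of the form NAME=... are ignored.
conf_var_names() {
    [ -r "$1" ] || return 0
    sed -n -e 's/^export[[:space:]][[:space:]]*//' \
           -e 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1"
}

# whitelist_from_conf FILE...: extend RC_ENV_WHITELIST with every variable
# name assigned in the given conf files (missing files are skipped).
whitelist_from_conf() {
    for _f in "$@"; do
        RC_ENV_WHITELIST="$RC_ENV_WHITELIST $(conf_var_names "$_f" | tr '\n' ' ')"
    done
}

# is_whitelisted NAME: succeed if NAME would survive scrub_env.
is_whitelisted() {
    case " $RC_ENV_WHITELIST " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# scrub_env: unset every exported variable whose name is not whitelisted.
# The list of names is captured once before the loop starts, so unsetting
# variables (PWD, SHLVL, stray LD_* or proxy settings, ...) cannot disturb
# the iteration; PATH must stay whitelisted or later commands are not found.
scrub_env() {
    for _var in $(env | sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p'); do
        if is_whitelisted "$_var"; then
            :                              # keep whitelisted names
        else
            unset "$_var" 2>/dev/null || : # drop everything else; ignore readonly
        fi
    done
}
```

Calling `whitelist_from_conf /etc/rc.conf /etc/conf.d/rc /etc/conf.d/$SVCNAME` followed by `scrub_env` at the top of a runscript-style wrapper gives the init script the conf.d variables plus the base whitelist and nothing else.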