| 1 |
On Mon, 2005-08-22 at 12:24 -0700, Zac Medico wrote: |
| 2 |
> warnera6 wrote: |
| 3 |
> >>> My preference would go 4, 3, 2 then 1. While Makefiles and configure |
| 4 |
> >>> scripts may be "broken" upstream, how long is it before the breakage |
| 5 |
> >>> goes unnoticed? More importantly, what's the chances of a dev finding |
| 6 |
> >>> the breakage before users? Cleansing the environment to me is akin to |
| 7 |
> >>> using sandbox. It offers protection against misbehaving packages... |
| 8 |
> >>> |
| 9 |
> >> |
| 10 |
> >> Good point. How about if we add environment sandboxing support (in |
| 11 |
> >> addition to filesystem sandboxing) to sandbox. With an environment |
| 12 |
> >> sandbox, we could detect specifically which variables a build is |
| 13 |
> >> fragile with regard to. The sandbox would have both filesystem access |
| 14 |
> >> and environment access violation summaries. |
| 15 |
> > |
| 16 |
> > "environmental sandbox" being similar to sandbox, or the cleansing of |
| 17 |
> > the environment? The latter is easy, the former...I am not sure how you |
| 18 |
> > begin to detect variable use in bash :/ |
| 19 |
> > |
| 20 |
> |
| 21 |
> AFAIK we can intercept getenv() calls the same way that we intercept filesystem calls. IMO the white/black/override lists would best be implemented at this level. |
| 22 |
|
| 23 |
getenv is'nt a system call. It is in the section 3 of the manual and I |
| 24 |
tried this: |
| 25 |
|
| 26 |
#include <unistd.h> |
| 27 |
|
| 28 |
int main () |
| 29 |
{ |
| 30 |
getenv("USER"); |
| 31 |
return 0; |
| 32 |
} |
| 33 |
|
| 34 |
// $ strace ./test 2>&1 | grep USER |
| 35 |
// $ strace ./test 2>&1 | grep foo # where $USER=foo |
| 36 |
|
| 37 |
and both output is empty. I have'nt checked how sandbox is working for |
| 38 |
filesystem, but filesystem related calls are at somepoint forwarded to |
| 39 |
the kernel and that is probably where sandbox is hooking. But as getenv |
| 40 |
is'nt a syscall, you could probably could probably find a way to get it |
| 41 |
to working by not linking on libc, define getenv and load libc with |
| 42 |
dlopen, but that will be a pain. As you need to libc to get your main |
| 43 |
called. |
| 44 |
|
| 45 |
Kristian |
| 46 |
|
| 47 |
-- |
| 48 |
gentoo-portage-dev@g.o mailing list |
Archives