Gentoo Archives: gentoo-portage-dev

From: warnera6 <warnera6@×××××××.edu>
To: gentoo-portage-dev@l.g.o
Subject: Re: [gentoo-portage-dev] Re: Environment Whitelisting
Date: Mon, 22 Aug 2005 19:16:11
Message-Id: 430A2453.5050008@egr.msu.edu
In Reply to: Re: [gentoo-portage-dev] Re: Environment Whitelisting by Zac Medico
Zac Medico wrote:
> Jason Stubbs wrote:
>
>> On Monday 22 August 2005 12:52, Drake Wyrm wrote:
>>
>>> Alec Warner <warnera6@×××××××.edu> wrote:
>>>
>>>> Was talking with Brian about the build environment and how settings
>>>> were to be passed into the build environment.
>>>>
>>>> Essentially three scenarios were presented.
>>>
>>>
>>> Snip and summary:
>>>
>>> 1) Pass everything
>>>
>>> 2) Blacklist and strip bad stuff
>>>
>>> 3) Whitelist good stuff; strip everything else
>>>
>>>
>>>> To me 1) is unacceptable and 3) is the best option. Feel free to
>>>> shoot these down as you see fit ;)
>>>
>>>
>>> Option 4: Strip everything.
>>>
>>> Nothing is passed from the original environment; everything passed in the
>>> environment is considered to be a "portage variable". This, I suppose,
>>> is an extreme case of the whitelist.
>>
>>
>>
>> Well, I'll go against the flow. ;)
>>
>> My preference would go 4, 3, 2 then 1. While Makefiles and configure
>> scripts may be "broken" upstream, how long is it before the breakage
>> goes unnoticed? More importantly, what's the chances of a dev finding
>> the breakage before users? Cleansing the environment to me is akin to
>> using sandbox. It offers protection against misbehaving packages...
>>
>
> Good point. How about if we add environment sandboxing support (in
> addition to filesystem sandboxing) to sandbox. With an environment
> sandbox, we could detect specifically which variables a build is fragile
> with regard to. The sandbox would have both filesystem access and
> environment access violation summaries.

"environmental sandbox" being similar to sandbox, or the cleansing of
the environment? The latter is easy, the former... I am not sure how you
begin to detect variable use in bash :/

I am leaning more toward the 2,4,3,1 angle. I find the information that
variable X breaks builds more useful than having a clean environment ALL
the time. I am satisfied as long as a clean environment is an option
for those who wish their environment to be all nice and pretty ;)

I don't see exactly the difference between 4) and 3) however... 4 seems
to be just a python enforced version of 3).

-Alec Warner (antarus)
--
gentoo-portage-dev@g.o mailing list
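An added example, not Portage's code and not from anyone in the thread: the four options above expressed as filters over a build environment, plus a leave-one-out probe for the "which variables is a build fragile with regard to" question. The sample environment, the variable sets and the stand-in build function are constructed assumptions.

```python
"""Added example (not Portage's own code): the thread's four environment
policies and a leave-one-out fragility probe.  All names below are assumed."""
from typing import Callable, Dict, List, Tuple

SAMPLE_ENV = {                      # constructed user shell environment
    "PATH": "/usr/bin:/bin",
    "HOME": "/home/user",
    "CFLAGS": "-O2 -pipe",
    "LD_PRELOAD": "/tmp/shim.so",   # the sort of name a blacklist would target
    "PS1": r"\u@\h \$ ",
    "PORTAGE_TMPDIR": "/var/tmp",
}
PORTAGE_VARS = {"PORTAGE_TMPDIR", "CFLAGS"}      # assumed "portage variables"
WHITELIST = PORTAGE_VARS | {"PATH", "HOME"}       # assumed option-3 list
BLACKLIST = {"LD_PRELOAD", "PS1"}                 # assumed option-2 list


def filter_env(env: Dict[str, str], option: int) -> Tuple[Dict[str, str], List[str]]:
    """Apply option 1-4 from the thread; also report what was stripped,
    which is the 'violation summary' a cleansing step can log."""
    names = set(env)
    keep = {1: names,                   # pass everything
            2: names - BLACKLIST,       # strip known-bad names
            3: names & WHITELIST,       # keep known-good names only
            4: names & PORTAGE_VARS}[option]  # strip all but portage's own
    return {k: env[k] for k in keep}, sorted(names - keep)


def fake_build(env: Dict[str, str]) -> str:
    """Stand-in for a configure/make run whose result depends on two variables."""
    return f"{env.get('CFLAGS', '')}|{env.get('HOME', '<none>')}"


def fragile_vars(build: Callable[[Dict[str, str]], str],
                 env: Dict[str, str]) -> List[str]:
    """Leave-one-out probe: which variables change the build's outcome when
    removed?  It re-runs the build once per variable instead of tracing bash,
    so it is slow but needs no cooperation from the build scripts."""
    baseline = build(env)
    return sorted(v for v in env
                  if build({k: x for k, x in env.items() if k != v}) != baseline)


if __name__ == "__main__":
    for option in (1, 2, 3, 4):
        kept, stripped = filter_env(SAMPLE_ENV, option)
        print(f"option {option}: kept {sorted(kept)}, stripped {stripped}")
    print("fragile under option 1:", fragile_vars(fake_build, SAMPLE_ENV))
    print("fragile under option 4:", fragile_vars(fake_build, filter_env(SAMPLE_ENV, 4)[0]))
```

With these assumed sets, options 2 and 3 strip the same two names, which is the kind of coincidence the probe disambiguates: it shows HOME matters to this build even though the whitelist happens to keep it.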

Replies

Subject Author
Re: [gentoo-portage-dev] Re: Environment Whitelisting Zac Medico <zmedico@×××××.com>