Date:      Fri, 25 Jan 2019 19:06:59 +0000
From:      bugzilla-noreply@freebsd.org
To:        rc@FreeBSD.org
Subject:   [Bug 235185] www/fcgiwrap: environment should be cleaned in /usr/local/etc/rc.d/fcgiwrap
Message-ID:  <bug-235185-20181-o8fYqmsRsq@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-235185-20181@https.bugs.freebsd.org/bugzilla/>
References:  <bug-235185-20181@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235185

--- Comment #18 from Devin Teske <dteske@FreeBSD.org> ---
(In reply to Rodney W. Grimes from comment #17)
There exists a case where "sloppy" may not apply.

Legacy jails may often have the following in login.conf:

default:\
        ...\
        :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES,PACKAGESITE=ftp\c//ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/amd64/9.2-RELEASE/packages/Latest/:\
        ...\

Which naturally sets $PACKAGESITE in the environment for all users.

In this case, you may want the environment variable set for all users that
log in, but you don't want it leaked to services for various reasons (in the
OP's case, there may be nothing that can be done about enumerating the
environment -- it may be a required setup -- but you don't want this variable
to give away pertinent security-specific information that could facilitate
hacking your machine by knowing which version of the OS is in use).

The default value for the proposed new knob would be NO.
The knob would be opt-in only and on a per-service basis.
It would act as value-add on top of existing features like above.

As for your stated options (a, b, c list), I concur with that list.

I would add that as long as the rc.d script uses the rc.subr routines for
starting services according to rc.conf settings (descriptive of the fcgiwrap
rc.d script), then the new knob would be applied regardless of whether you use
service or invoke the rc.d script manually.

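One way to see the leak the comment describes, and to start a service with an allowlisted environment instead. This is an added example, not part of the original message or of rc.subr: the helper names, the allowlist and the sample values are assumptions, and `env` stands in for a service that exposes its environment.

```shell
#!/bin/sh
# Added example; KEEP_VARS, run_scrubbed and leaked_names are hypothetical
# helper names and are not part of rc.subr.

# Names the login class injects, taken from the setenv line quoted above.
LOGIN_VARS="MAIL BLOCKSIZE FTP_PASSIVE_MODE PACKAGESITE"
# Assumed allowlist of variables the service really needs.
KEEP_VARS="PATH HOME"

# run_scrubbed CMD [ARGS...]: run CMD with an environment holding only KEEP_VARS.
run_scrubbed() {
    _argc=$#
    for _name in $KEEP_VARS; do          # trusted constant, so eval is safe
        eval "_isset=\${$_name+set}"
        [ "$_isset" = set ] || continue  # skip names unset in the caller
        eval "set -- \"\$@\" \"\$_name=\$$_name\""   # append NAME=value
    done
    while [ "$_argc" -gt 0 ]; do         # rotate CMD ARGS behind NAME=value
        set -- "$@" "$1"; shift
        _argc=$((_argc - 1))
    done
    env -i "$@"
}

# leaked_names: read `env` output on stdin, print the LOGIN_VARS names in it.
leaked_names() {
    _dump=$(cat)
    _out=""
    for _name in $LOGIN_VARS; do
        if printf '%s\n' "$_dump" | grep -q "^${_name}="; then
            _out="${_out}${_out:+ }${_name}"
        fi
    done
    printf '%s\n' "$_out"
}

# Constructed login-class environment modelled on the setenv line above
# (\c is the login.conf escape for a colon; the user name is made up).
export MAIL=/var/mail/www BLOCKSIZE=K FTP_PASSIVE_MODE=YES
export PACKAGESITE="ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/amd64/9.2-RELEASE/packages/Latest/"

echo "inherited by service: $(env | leaked_names)"
scrubbed=$(run_scrubbed env | leaked_names)
echo "after scrubbing:      ${scrubbed:-<none>}"
```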


