Date: Thu, 5 Aug 2004 12:50:20 GMT From: Dmitry Sivachenko <demon@FreeBSD.org> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/70024: jail(8) enhancement: run program in the clean environment Message-ID: <200408051250.i75CoKw1075089@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/70024; it has been noted by GNATS. From: Dmitry Sivachenko <demon@FreeBSD.org> To: Ruslan Ermilov <ru@FreeBSD.org> Cc: bug-followup@FreeBSD.org Subject: Re: bin/70024: jail(8) enhancement: run program in the clean environment Date: Thu, 5 Aug 2004 16:43:22 +0400 On Thu, Aug 05, 2004 at 03:23:12PM +0300, Ruslan Ermilov wrote: > On Thu, Aug 05, 2004 at 02:09:18PM +0400, Dmitry Sivachenko wrote: > > > > Add -l option to jail(8). Before running jail'ed program under > > specific user's credentials, clean the > > environment and set only a few variables. > > > > +.It Fl l > > +Run program in the clean environment. > > +The environment is discarded except for > > +.Ev HOME , > > +.Ev SHELL , > > +.Ev TERM > > +and > > +.Ev USER . > > +.Ev HOME > > +and > > +.Ev SHELL > > +are set to the target login's default values. > > +.Ev USER > > +is set to the target login. > > +.Ev TERM > > +is imported from your current environment. > > +The environment variables from the login class capability database for the > > +target login are also set. > > > Not giving an administrator the choice to select which variables > should be leaked is not good. How this patch is different from > using the "env -i ...", specifying all necessary exports? > I thought about env(1). Convenience is the main reason for this change. This is similar to -l option of su(1) command.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200408051250.i75CoKw1075089>