Date: Thu, 5 Aug 2004 12:30:30 GMT From: Ruslan Ermilov <ru@FreeBSD.org> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/70024: jail(8) enhancement: run program in the clean environment Message-ID: <200408051230.i75CUUMS073270@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/70024; it has been noted by GNATS. From: Ruslan Ermilov <ru@FreeBSD.org> To: Dmitry Sivachenko <mitya@demos.su> Cc: bug-followup@FreeBSD.org Subject: Re: bin/70024: jail(8) enhancement: run program in the clean environment Date: Thu, 5 Aug 2004 15:23:12 +0300 On Thu, Aug 05, 2004 at 02:09:18PM +0400, Dmitry Sivachenko wrote: > > Add -l option to jail(8). Before running jail'ed program under > specific user's credentials, clean the > environment and set only a few variables. > > +.It Fl l > +Run program in the clean environment. > +The environment is discarded except for > +.Ev HOME , > +.Ev SHELL , > +.Ev TERM > +and > +.Ev USER . > +.Ev HOME > +and > +.Ev SHELL > +are set to the target login's default values. > +.Ev USER > +is set to the target login. > +.Ev TERM > +is imported from your current environment. > +The environment variables from the login class capability database for the > +target login are also set. > Not giving an administrator the choice to select which variables should be leaked is not good. How this patch is different from using the "env -i ...", specifying all necessary exports? Cheers, -- Ruslan Ermilov ru@FreeBSD.org FreeBSD committer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200408051230.i75CUUMS073270>