Date:      Fri, 25 Jan 2019 18:55:38 +0000
From:      bugzilla-noreply@freebsd.org
To:        rc@FreeBSD.org
Subject:   [Bug 235185] www/fcgiwrap: environment should be cleaned in /usr/local/etc/rc.d/fcgiwrap
Message-ID:  <bug-235185-20181-BC1gfw2CUP@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-235185-20181@https.bugs.freebsd.org/bugzilla/>
References:  <bug-235185-20181@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235185

--- Comment #17 from Rodney W. Grimes <rgrimes@FreeBSD.org> ---
(In reply to Devin Teske from comment #15)
This idea is applaudable, but what is the default value of this knob?

If it is yes so that the environment is sanitized, satisfying vas@'s desires,
it would be a POLA violation for anyone who has been using environment
variables to affect things started by rc.d scripts.

If it is no, leaving the system function as is so no POLA or breakage, it
would not achieve what vas@ is asking for.

And in either case one would not likely find this subtle knob addition that
effects this change for what is now looking to be a small edge case of sloppy
admins that work as root with polluted ENV invoking daemon starting scripts
directly rather than using the services wrap (which someone did find to be
doing the sanitization asked for and hence I now deem the correct solution to
this bug report, no change needed.)

All that being said, I would in no way object to:
a)  Adding an env -i to the rc.d/fcgiwrap start script AND submitting a report
to the author asking that he clean up its act

b)  Adding a knob to /etc/defaults/rc.conf that does Devin's global type
env -i to the rc.d system with a default value of off

c)  Documenting in services.8 more clearly that:
    a)  It really does do a full revoke with only PATH and HOME exported from
the environment; it seems a bit unclear as it is written today.
    b)  That directly invoking a rc.d/script may or may not have this cleaning
done depending on the new knob in b).

-- 
You are receiving this mail because:
You are on the CC list for the bug.
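
The difference this comment describes, between invoking an rc.d script directly from a polluted shell and starting it behind `env -i` with only HOME and PATH set again, shown as an added example that is not part of the original message and is not FreeBSD's rc.subr or service(8) code. The HOME and PATH values, the `DEMO_*` variables and the function names are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added illustration; not the FreeBSD rc.subr or service(8) source.

# Stand-in for a daemon started by an rc.d script: prints the names of the
# environment variables that reached it, one per line, sorted.
CHILD='awk "BEGIN { for (k in ENVIRON) print k }" | LC_ALL=C sort'

# Direct invocation of the script: the caller's environment is inherited.
env_direct() {
    /bin/sh -c "$CHILD"
}

# Invocation behind "env -i" with only HOME and PATH set again.
# The two values are assumptions chosen for this demo.
env_sanitized() {
    env -i HOME=/ PATH=/sbin:/bin:/usr/sbin:/usr/bin /bin/sh -c "$CHILD"
}

# Names that reach the daemon only when the script is invoked directly.
leaked_vars() {
    tmp=$(mktemp -d) || return 1
    env_direct > "$tmp/direct"
    env_sanitized > "$tmp/clean"
    LC_ALL=C comm -23 "$tmp/direct" "$tmp/clean"
    rm -rf "$tmp"
}

# Constructed polluted root shell.
export DEMO_DB_PASSWORD=constructed-secret
export DEMO_HTTP_PROXY=http://proxy.invalid:3128

leaked_vars
```

Run from an administrator's login shell, the list printed by `leaked_vars` is what a daemon would inherit from a direct start and would not see behind the sanitizing wrapper.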