Date: Tue, 1 May 2007 15:35:22 -0400 From: David Schultz <das@FreeBSD.ORG> To: Andrey Chernov <ache@FreeBSD.ORG>, Alfred Perlstein <alfred@FreeBSD.ORG>, src-committers@FreeBSD.ORG, cvs-src@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/usr.sbin/sysinstall main.c Message-ID: <20070501193522.GA1480@VARK.MIT.EDU> In-Reply-To: <20070430225717.GA7008@VARK.MIT.EDU> References: <200704301516.l3UFGJbu019162@repoman.freebsd.org> <20070430180043.GK13868@elvis.mu.org> <20070430181824.GA83415@nagual.pp.ru> <20070430225717.GA7008@VARK.MIT.EDU>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Apr 30, 2007, David Schultz wrote: > I think Alfred is absolutely right, and this is a pretty major > POLA violation. As a result of these changes, I've got two ports > (so far) and some model checking software that won't build/run > anymore. If we've been doing something right for years, changing > it around in order to inherit SVR4 bugs seems like a bad > plan. Holding up your POSIX banner doesn't really make things > okay; POSIX wasn't written by God, and we choose to ignore various > parts of it. And considering the way various setuid programs > attempt to sanitize their environment before doing a fork/exec, > the change may very well have security implications. FWIW, the env(1) change fixes at least one of these problems (in MOPS), but I'm still rebuilding ports. I'm still a little dubious of this change nevertheless. With any luck I'll have some time to look into it this weekend and plow through some of the PRs that have been tossed my way in the past few months.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070501193522.GA1480>