From: Jordan Hubbard
Date: Tue, 15 Jul 2014 21:39:19 -0700
To: dteske@freebsd.org
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, Mateusz Guzik, src-committers@freebsd.org, Bryan Drewery
Subject: Re: svn commit: r268641 - head/usr.sbin/service
List-Id: SVN commit messages for the src tree for head/-current

On Jul 15, 2014, at 7:13 PM, dteske@freebsd.org wrote:

> I would argue that not all programs are going to like having
> a nearly empty environment. Things like TERM and SHLVL
> at the very least should be passed (after all, the boot process
> takes place on [a] a terminal and [b] in a shell).

Having launchd scrub every process’s environment down to nothing, then have environment variables be set explicitly as part of that process’s “launch contract” was one of the best decisions we ever made at Apple.

The Unix process environment is a septic tank, and that’s actually being kind since most septic tanks don’t also contain bottles of nerve gas and the occasional live hand grenade. Many parts of the environment are trivially attackable, and if anyone on the CC line thinks they know the full extent of that attack surface, they’re wrong. Not because there aren’t some extremely smart Unix people in the audience, but because it’s simply impossible to know how each and every environment variable will be used, how it can overflow, or how it can be used to permute a program’s behavior in unpredictable ways. Even if the intention isn’t to be hostile, you can still cause some truly Heisenbergian results by having the environment be unpredictable in nature.

It may not be “Unixy”, but Unix didn’t grow up in a world with millions of instances of itself or the big, bad Internet encompassing pretty much every country on earth. Changes need to be made to keep up with the times, and you can rest assured that FreeBSD’s competition is making those changes or has already made them.

I also find it a frankly weird assertion that a background service would care about the value of TERM. That sounds like a pretty warped service to me, since assuming interactivity is more the exception than the rule these days.

- Jordan
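
The pattern described in the message above (scrub the inherited environment to nothing, then set only what the service's launch contract names), as an added shell example that is not part of the original thread, not launchd's implementation and not the code committed in r268641. The contract file format, the function name `run_with_contract` and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example: start a command from an empty environment plus an explicit
# "launch contract". The contract format (NAME=value lines, '#' comments) and
# the name run_with_contract are assumptions of this example.
# Exit codes follow sysexits(3): 64 usage, 65 bad data, 66 unreadable input.

run_with_contract() {
    [ "$#" -ge 2 ] || { echo "usage: run_with_contract FILE CMD [ARG...]" >&2; return 64; }
    _contract=$1
    shift
    [ -r "$_contract" ] || { echo "contract not readable: $_contract" >&2; return 66; }

    while IFS= read -r _line || [ -n "$_line" ]; do
        case $_line in
            ''|'#'*) continue ;;      # blank line or comment
            *=*) ;;                   # candidate assignment, validated below
            *) echo "not NAME=value: $_line" >&2; return 65 ;;
        esac
        _name=${_line%%=*}
        case $_name in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "invalid variable name: $_name" >&2; return 65 ;;
        esac
        # Prepend, so the final argument list is: NAME=value ... CMD ARG...
        set -- "$_line" "$@"
    done < "$_contract"

    # env -i discards everything inherited (TERM, SHLVL and whatever else the
    # caller happened to carry); only the contract's variables reach the child.
    env -i "$@"
}

# Constructed demo: the caller's environment is noisy, the child's is not.
demo_dir=$(mktemp -d) || exit 1
printf '%s\n' '# constructed contract for a hypothetical daemon' \
    'PATH=/usr/bin:/bin' 'HOME=/var/empty' > "$demo_dir/contract"
( export TERM=xterm INHERITED_JUNK=1; run_with_contract "$demo_dir/contract" env )
rm -rf "$demo_dir"
```

A service that really does need TERM gets it by adding a `TERM=` line to its own contract, which keeps the dependency visible and reviewable.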