From owner-svn-src-head@FreeBSD.ORG Wed Jul 16 05:36:52 2014 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0149541C; Wed, 16 Jul 2014 05:36:52 +0000 (UTC) Received: from shxd.cx (unknown [64.201.244.140]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DD7012E26; Wed, 16 Jul 2014 05:36:51 +0000 (UTC) Received: from [64.201.244.132] (port=50379 helo=THEMADHATTER) by shxd.cx with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.77 (FreeBSD)) (envelope-from ) id 1X753P-0004PJ-8d; Tue, 15 Jul 2014 08:54:07 -0700 From: To: "'Jordan Hubbard'" , References: <201407150218.s6F2Itj8044531@svn.freebsd.org> <53C56BE9.9050304@FreeBSD.org> <20140715191553.GA31990@dft-labs.eu> <011a01cfa09b$928b4710$b7a1d530$@FreeBSD.org> In-Reply-To: Subject: RE: svn commit: r268641 - head/usr.sbin/service Date: Tue, 15 Jul 2014 22:36:39 -0700 Message-ID: <01ad01cfa0b7$ea933910$bfb9ab30$@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 15.0 Thread-Index: AQHOLaehGAwRwf+WS/ay3he7mLcSrwIdqyYRAXy+1UkB4SBdqgHOdhkom2rDFjA= Content-Language: en-us Sender: devin@shxd.cx Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, 'Mateusz Guzik' , src-committers@freebsd.org, 'Bryan Drewery' X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jul 2014 05:36:52 -0000 > -----Original Message----- > From: Jordan Hubbard [mailto:jordanhubbard@me.com] > Sent: Tuesday, July 15, 2014 9:39 PM > To: dteske@freebsd.org > Cc: Mateusz Guzik; Bryan Drewery; src-committers@freebsd.org; svn-src- > all@freebsd.org; svn-src-head@freebsd.org > Subject: Re: svn commit: r268641 - head/usr.sbin/service > > On Jul 15, 2014, at 7:13 PM, dteske@freebsd.org wrote: > > > I would argue that not all programs are going to like having > > a nearly empty environment. Things like TERM and SHLVL > > at the very least should be passed (after-all, the boot process > > takes place on [a] a terminal and [b] in a shell). > > Having launchd scrub every processes environment down to nothing, then > have environment variables be set explicitly as part of that processes' > "launch contract" was one of the best decisions we ever made at Apple. > > The Unix process environment is a septic tank, and that's actually being kind > since most septic tanks don't also contain bottles of nerve gas and the > occasional live hand grenade. Many parts of the environment are trivially > attackable, and if anyone on the CC line thinks they know the full extent of > that attack surface, they're wrong. Not because there aren't some > extremely smart Unix people in the audience, but because it's simply > impossible to know how each and every environment variable will be used, > how it can overflow, or how it can be used to permute a program's behavior > in unpredictable ways. Even if the intention isn't to be hostile, you can still > cause some truly Heisenbergian results by having the environment be > unpredictable in nature. > > It may not be "Unixy", but Unix didn't grow up in a world with millions of > instances of itself or the big, bad Internet encompassing pretty much every > country on earth. Changes need to be made to keep up with the times, and > you can rest assured that FreeBSD's competition is making those changes or > has already made them. > > I also find it a frankly weird assertion that a background service would care > about the value of TERM. That sounds like a pretty warped service to me, > since assuming interactivity is more the exception than the rule these days. > Odd indeed. An rc.d script needs to know $TERM so it can launch a background instance of screen or tmux. The rc.d script itself doesn't use $TERM but the instance of screen or tmux needs it else it thinks you're not on a terminal (maybe the proper thing is to patch screen and tmux ;D). -- Devin