Date: Tue, 1 May 2007 04:02:42 +0400 From: Andrey Chernov <ache@FreeBSD.org> To: Alfred Perlstein <alfred@FreeBSD.org>, src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.sbin/sysinstall main.c Message-ID: <20070501000242.GA19510@nagual.pp.ru> In-Reply-To: <20070430225717.GA7008@VARK.MIT.EDU> References: <200704301516.l3UFGJbu019162@repoman.freebsd.org> <20070430180043.GK13868@elvis.mu.org> <20070430181824.GA83415@nagual.pp.ru> <20070430225717.GA7008@VARK.MIT.EDU>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Apr 30, 2007 at 06:57:17PM -0400, David Schultz wrote: > I think Alfred is absolutely right, and this is a pretty major > POLA violation. That's -current for. Do you suggest to wait yet more N years to commit exact that stuff? > As a result of these changes, I've got two ports > (so far) and some model checking software that won't build/run > anymore. Please be specific, which ports exactly? Otherwise there is no useful information in your statement. > If we've been doing something right for years, changing > it around in order to inherit SVR4 bugs seems like a bad > plan. Holding up your POSIX banner doesn't really make things > okay; POSIX wasn't written by God, and we choose to ignore various > parts of it. There is no SVR4 bugs in this commit. Just more strict args checking (which really helps to catch poorly written things and have nothing common with SVR4) and clarifying that portable putenv() does not save arg. Please send all your possible complains to the Open Group, perhaps they change standard. Until that we (and software developers which try to make things portable) have no other alternative. Currrently we ignore just very minor things and don't need to increase that number without urgent needs. Other things are simple not implemented not ignored. > And considering the way various setuid programs > attempt to sanitize their environment before doing a fork/exec, > the change may very well have security implications. Sanitizing environment is completely unrelated to all of that. -- http://ache.pp.ru/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070501000242.GA19510>