cvs commit: src/usr.sbin/sysinstall main.c

[Andrey Chernov]

On Mon, Apr 30, 2007 at 06:57:17PM -0400, David Schultz wrote:
> I think Alfred is absolutely right, and this is a pretty major
> POLA violation. 

That's -current for. Do you suggest to wait yet more N years to commit 
exact that stuff?

> As a result of these changes, I've got two ports
> (so far) and some model checking software that won't build/run
> anymore. 

Please be specific, which ports exactly? Otherwise there is no useful 
information in your statement.

> If we've been doing something right for years, changing
> it around in order to inherit SVR4 bugs seems like a bad
> plan. Holding up your POSIX banner doesn't really make things
> okay; POSIX wasn't written by God, and we choose to ignore various
> parts of it. 

There is no SVR4 bugs in this commit. Just more strict args checking
(which really helps to catch poorly written things and have nothing 
common with SVR4) and clarifying that portable putenv() does not save arg.

Please send all your possible complains to the Open Group, perhaps they 
change standard. Until that we (and software developers which try to make 
things portable) have no other alternative.

Currrently we ignore just very minor things and don't need to increase 
that number without urgent needs. Other things are simple not implemented 
not ignored.

> And considering the way various setuid programs
> attempt to sanitize their environment before doing a fork/exec,
> the change may very well have security implications.

Sanitizing environment is completely unrelated to all of that.

-- 
http://ache.pp.ru/