cvs commit: src/usr.sbin/sysinstall main.c
David Schultz
das at FreeBSD.ORG
Tue May 1 19:35:23 UTC 2007
On Mon, Apr 30, 2007, David Schultz wrote:
> I think Alfred is absolutely right, and this is a pretty major
> POLA violation. As a result of these changes, I've got two ports
> (so far) and some model checking software that won't build/run
> anymore. If we've been doing something right for years, changing
> it around in order to inherit SVR4 bugs seems like a bad
> plan. Holding up your POSIX banner doesn't really make things
> okay; POSIX wasn't written by God, and we choose to ignore various
> parts of it. And considering the way various setuid programs
> attempt to sanitize their environment before doing a fork/exec,
> the change may very well have security implications.
FWIW, the env(1) change fixes at least one of these problems (in
MOPS), but I'm still rebuilding ports. I'm still a little dubious
of this change nevertheless. With any luck I'll have some time to
look into it this weekend and plow through some of the PRs that
have been tossed my way in the past few months.
More information about the cvs-src
mailing list