bin/70024: jail(8) enhancement: run program in the clean environment
Ruslan Ermilov
ru at FreeBSD.org
Thu Aug 5 05:30:31 PDT 2004
The following reply was made to PR bin/70024; it has been noted by GNATS.
From: Ruslan Ermilov <ru at FreeBSD.org>
To: Dmitry Sivachenko <mitya at demos.su>
Cc: bug-followup at FreeBSD.org
Subject: Re: bin/70024: jail(8) enhancement: run program in the clean environment
Date: Thu, 5 Aug 2004 15:23:12 +0300
On Thu, Aug 05, 2004 at 02:09:18PM +0400, Dmitry Sivachenko wrote:
>
> Add -l option to jail(8). Before running jail'ed program under
> specific user's credentials, clean the
> environment and set only a few variables.
>
> +.It Fl l
> +Run program in the clean environment.
> +The environment is discarded except for
> +.Ev HOME ,
> +.Ev SHELL ,
> +.Ev TERM
> +and
> +.Ev USER .
> +.Ev HOME
> +and
> +.Ev SHELL
> +are set to the target login's default values.
> +.Ev USER
> +is set to the target login.
> +.Ev TERM
> +is imported from your current environment.
> +The environment variables from the login class capability database for the
> +target login are also set.
>
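Review bot: The `.It Fl l` text refers to "the target login" without saying which option supplies that login or what -l does when no user is given; state that dependency explicitly. The last sentence, "The environment variables from the login class capability database ... are also set", also leaves open whether those entries can override HOME, SHELL, TERM and USER, so document the order in which the two sets are applied. "Run program in the clean environment" reads better as "Run the program in a clean environment".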
Not giving an administrator the choice to select which variables
should be leaked is not good. How is this patch different from
using "env -i ...", specifying all necessary exports?
Cheers,
--
Ruslan Ermilov
ru at FreeBSD.org
FreeBSD committer
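The "env -i" alternative raised in the reply, as an added example that is not part of the PR or of jail(8): a wrapper that clears the environment and passes through only the variables the administrator names. The helper name run_clean and its comma-separated allowlist argument are hypothetical, and it does not apply the login class capability database as the proposed -l would.

```shell
#!/bin/sh
# Added illustration, not code from the PR or from jail(8).
# run_clean is a hypothetical helper.
# Usage: run_clean VAR1,VAR2,... command [args...]
run_clean() {
    rc_rest=$1,
    shift
    # Walk the comma-separated allowlist with parameter expansion, so the
    # list is never subject to field splitting or pathname expansion.
    while [ -n "$rc_rest" ]; do
        rc_name=${rc_rest%%,*}
        rc_rest=${rc_rest#*,}
        [ -n "$rc_name" ] || continue
        # Accept only valid shell identifiers, so the eval below is never
        # handed anything but a plain variable name.
        case $rc_name in
            [!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "run_clean: bad variable name: $rc_name" >&2
                return 2 ;;
        esac
        # Skip names that are unset in the caller instead of passing
        # them through as empty strings.
        eval "rc_set=\${$rc_name+x}"
        [ -n "$rc_set" ] || continue
        eval "rc_val=\$$rc_name"
        # Prepend NAME=value to the argument list that env(1) receives.
        set -- "$rc_name=$rc_val" "$@"
    done
    # env -i starts from an empty environment; only the pairs built
    # above reach the command.
    env -i "$@"
}
```

Called as `run_clean TERM,HOME /bin/sh`, it passes through TERM and HOME and drops everything else, with the list chosen by the caller rather than fixed in the tool.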