bin/70024: jail(8) enhancement: run program in the clean environment

Ruslan Ermilov ru at FreeBSD.org
Thu Aug 5 05:30:31 PDT 2004


The following reply was made to PR bin/70024; it has been noted by GNATS.

From: Ruslan Ermilov <ru at FreeBSD.org>
To: Dmitry Sivachenko <mitya at demos.su>
Cc: bug-followup at FreeBSD.org
Subject: Re: bin/70024: jail(8) enhancement: run program in the clean environment
Date: Thu, 5 Aug 2004 15:23:12 +0300

 On Thu, Aug 05, 2004 at 02:09:18PM +0400, Dmitry Sivachenko wrote:
 > 
 > Add -l option to jail(8).  Before running a jail'ed program under a
 > specific user's credentials, clean the environment and set only a few
 > variables.
 > 	
 > +.It Fl l
 > +Run program in the clean environment.
 > +The environment is discarded except for
 > +.Ev HOME ,
 > +.Ev SHELL ,
 > +.Ev TERM
 > +and
 > +.Ev USER .
 > +.Ev HOME
 > +and
 > +.Ev SHELL
 > +are set to the target login's default values.
 > +.Ev USER
 > +is set to the target login.
 > +.Ev TERM
 > +is imported from your current environment.
 > +The environment variables from the login class capability database for the
 > +target login are also set.
 > 
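 Review bot: The list of preserved variables under ".It Fl l" leaves out PATH, so a reader cannot tell whether the jailed program starts with no PATH at all or gets one only through the login class entry mentioned in the last sentence; state the resulting PATH explicitly. The text also uses "target login" without naming the option that selects that login or saying what -l does when no user is specified, and "imported from your current environment" would read better in the third person, for example "imported from the current environment".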
 Not giving an administrator the choice to select which variables
 should be leaked is not good.  How is this patch different from
 using "env -i ...", specifying all necessary exports?
 
 
 Cheers,
 -- 
 Ruslan Ermilov
 ru at FreeBSD.org
 FreeBSD committer

