bin/70024: jail(8) enhancement: run program in the clean
environment
Dmitry Sivachenko
demon at FreeBSD.org
Thu Aug 5 05:50:21 PDT 2004
The following reply was made to PR bin/70024; it has been noted by GNATS.
From: Dmitry Sivachenko <demon at FreeBSD.org>
To: Ruslan Ermilov <ru at FreeBSD.org>
Cc: bug-followup at FreeBSD.org
Subject: Re: bin/70024: jail(8) enhancement: run program in the clean environment
Date: Thu, 5 Aug 2004 16:43:22 +0400
On Thu, Aug 05, 2004 at 03:23:12PM +0300, Ruslan Ermilov wrote:
> On Thu, Aug 05, 2004 at 02:09:18PM +0400, Dmitry Sivachenko wrote:
> >
> > Add -l option to jail(8). Before running jail'ed program under
> > specific user's credentials, clean the
> > environment and set only a few variables.
> >
> > +.It Fl l
> > +Run program in the clean environment.
> > +The environment is discarded except for
> > +.Ev HOME ,
> > +.Ev SHELL ,
> > +.Ev TERM
> > +and
> > +.Ev USER .
> > +.Ev HOME
> > +and
> > +.Ev SHELL
> > +are set to the target login's default values.
> > +.Ev USER
> > +is set to the target login.
> > +.Ev TERM
> > +is imported from your current environment.
> > +The environment variables from the login class capability database for the
> > +target login are also set.
> >
> Not giving an administrator the choice to select which variables
> should be leaked is not good. How this patch is different from
> using the "env -i ...", specifying all necessary exports?
>
I thought about env(1).
Convenience is the main reason for this change.
This is similar to -l option of su(1) command.
More information about the freebsd-bugs
mailing list