Re: svn commit: r268641 - head/usr.sbin/service
On Jul 15, 2014, at 7:13 PM, dteske@freebsd.org wrote:
> I would argue that not all programs are going to like having
> a nearly empty environment. Things like TERM and SHLVL
> at the very least should be passed (after all, the boot process
> takes place on [a] a terminal and [b] in a shell).
Having launchd scrub every process's environment down to nothing, then have environment variables be set explicitly as part of that process's "launch contract" was one of the best decisions we ever made at Apple.

The Unix process environment is a septic tank, and that's actually being kind since most septic tanks don't also contain bottles of nerve gas and the occasional live hand grenade. Many parts of the environment are trivially attackable, and if anyone on the CC line thinks they know the full extent of that attack surface, they're wrong. Not because there aren't some extremely smart Unix people in the audience, but because it's simply impossible to know how each and every environment variable will be used, how it can overflow, or how it can be used to permute a program's behavior in unpredictable ways. Even if the intention isn't to be hostile, you can still cause some truly Heisenbergian results by having the environment be unpredictable in nature.

It may not be "Unixy", but Unix didn't grow up in a world with millions of instances of itself or the big, bad Internet encompassing pretty much every country on earth. Changes need to be made to keep up with the times, and you can rest assured that FreeBSD's competition is making those changes or has already made them.

I also find it a frankly weird assertion that a background service would care about the value of TERM. That sounds like a pretty warped service to me, since assuming interactivity is more the exception than the rule these days.
- Jordan
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
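
The launch-contract approach described in the message above (an empty environment, then only explicitly declared variables), sketched in POSIX sh as an added example. It is not code from the thread, from launchd or from service(8), and `run_with_contract`, `SERVICE_MODE` and `STRAY_SETTING` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread). run_with_contract and the sample
# variable names are hypothetical.
#
# usage: run_with_contract NAME=value [NAME=value ...] -- command [args ...]
# The command sees only the NAME=value pairs listed before "--"; nothing is
# inherited from the caller's environment.
run_with_contract() {
    _rc_left=$#          # arguments not yet examined
    _rc_sep=0
    while [ "$_rc_left" -gt 0 ]; do
        _rc_arg=$1; shift; _rc_left=$((_rc_left - 1))
        if [ "$_rc_arg" = "--" ]; then _rc_sep=1; break; fi
        # Accept only well-formed entries: identifier, "=", value.
        case $_rc_arg in
            [A-Za-z_]*=*) ;;
            *) echo "run_with_contract: bad entry: $_rc_arg" >&2; return 64 ;;
        esac
        _rc_name=${_rc_arg%%=*}
        case $_rc_name in
            *[!A-Za-z0-9_]*)
                echo "run_with_contract: bad name: $_rc_name" >&2; return 64 ;;
        esac
        set -- "$@" "$_rc_arg"     # rotate the validated entry to the end
    done
    if [ "$_rc_sep" -eq 0 ] || [ "$_rc_left" -eq 0 ]; then
        echo "run_with_contract: no command given" >&2; return 64
    fi
    # env(1) would read such a word as an option or as one more assignment.
    case $1 in
        -*|*=*) echo "run_with_contract: invalid command: $1" >&2; return 64 ;;
    esac
    # Rotate the command words behind the entries: "$@" = entries, command.
    while [ "$_rc_left" -gt 0 ]; do
        _rc_arg=$1; shift; _rc_left=$((_rc_left - 1))
        set -- "$@" "$_rc_arg"
    done
    env -i "$@"          # -i: start from an empty environment
}

# Constructed demonstration: STRAY_SETTING is exported by the caller but is
# not part of the contract, so the child (env, printing its own environment)
# never sees it.
STRAY_SETTING=leaked; export STRAY_SETTING
run_with_contract PATH=/usr/bin:/bin SERVICE_MODE=batch -- env
```

A service that really does need a variable such as TERM gets it by listing it in the contract, so the dependency is visible at the call site.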