Subject: Re: [RFC] environment sanitisation wrapper
From: Sean Hunter (sean at uncarved.com)
Date: Mon May 29 2000 - 04:32:39 CDT
- Next message: Cooper: "Re: [RFC] environment sanitisation wrapper"
- Previous message: Joseph S. Myers: "write(1) security (was: Re: Here's another glibc env. var.)"
- Next in thread: Cooper: "Re: [RFC] environment sanitisation wrapper"
- Reply: Cooper: "Re: [RFC] environment sanitisation wrapper"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
OK, I've patched my init scripts (and a few other bits and bobs) to
use my safe_env wrapper, and my daemons are now happily running with a
much more minimal environment than before.
One thing I noticed while doing this was that when starting new
services using "sudo", the daemon runs with root privilege, but with
the user's environment. While pretty obvious, this makes it relatively
easy to accidentally start a daemon with a dodgy environment,
particularly if you are a developer and are likely to have malloc
debugging etc. set on.
As such, I have found it useful to alias "sudo" to set up a known
path, then run the real "sudo" from my safe_env wrapper. You could
just use "env -", but some environment vars are worth keeping IMO.
I've also tidied the script up a bit, added comments and fixed a bug
or two. Latest version attached. Standard disclaimers apply.
Comments, suggestions etc. gratefully received.
Sean
On Sun, May 28, 2000 at 07:09:14PM +0100, Sean Hunter wrote:
> In the light of the thunderous silence that greeted my initial
> wrapper, I've improved it a little, and am now running it successfully
> on my production hosts. See attached for the latest.
>
> Suggestions (esp for candidates for the black- and whitelists)
> gratefully received.
>
> Sean
>
> On Sun, May 28, 2000 at 03:39:22PM +0100, Sean Hunter wrote:
> > Given the recent debates over environment variables, I decided to
> > write a small wrapper to ensure a sane environment for important
> > programs. What it does is remove any unwanted env vars before
> > executing a given program. So, instead of running "foobar" you'll run
> > "safe_env foobar", or if foobar wants to see the BAZ env var, you do
> > "safe_env -s BAZ foobar" or something.
> >
> > Is this at all useful? If so, what environment variables do we trust
> > to add to this safe_builtins list? Have I done anything dumb in the
> > implementation?
> >
> > Sean
> >
- text/plain attachment: safe_env.c
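A minimal wrapper of the kind described in this thread, written here as an added example and not the attached safe_env.c: a whitelist of trusted variable names (the safe_builtins list), `-s NAME` to let further names through, and everything else dropped before the exec. The contents of safe_builtins, MAX_ENV, and the use of execve with a full program path are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Names passed through unchanged (hypothetical list, not the one in
 * safe_env.c). Everything else, e.g. LD_* and malloc-debugging
 * variables inherited from a developer's shell, is dropped. */
static const char *const safe_builtins[] = { "TERM", "TZ", "LANG" };
#define MAX_ENV 256

/* Does the "NAME=value" entry carry one of the allowed names? */
static int name_allowed(const char *entry, const char *const *names, size_t n)
{
    const char *eq = strchr(entry, '=');
    size_t len = eq ? (size_t)(eq - entry) : strlen(entry);
    for (size_t i = 0; i < n; i++)
        if (strlen(names[i]) == len && strncmp(entry, names[i], len) == 0)
            return 1;
    return 0;
}

/* Copy entries of `in` whose names are in safe_builtins or `extra` into
 * `out` (NULL-terminated). Returns the number kept, or -1 if out is too small. */
int filter_env(char *const *in, const char *const *extra, size_t nextra,
               char **out, size_t outmax)
{
    size_t kept = 0;
    size_t nbuiltin = sizeof safe_builtins / sizeof *safe_builtins;
    for (size_t i = 0; in[i] != NULL; i++) {
        if (!name_allowed(in[i], safe_builtins, nbuiltin) &&
            !name_allowed(in[i], extra, nextra))
            continue;                        /* not trusted: drop it */
        if (kept + 1 >= outmax) return -1;   /* keep room for the terminator */
        out[kept++] = in[i];
    }
    out[kept] = NULL;
    return (int)kept;
}

/* usage: safe_env [-s VAR]... /full/path/to/program [args...] */
int main(int argc, char **argv, char **envp)
{
    const char *extra[MAX_ENV];
    size_t nextra = 0;
    int i = 1;
    while (i + 1 < argc && strcmp(argv[i], "-s") == 0 && nextra < MAX_ENV) {
        extra[nextra++] = argv[i + 1];
        i += 2;
    }
    if (i >= argc) { fprintf(stderr, "usage: %s [-s VAR]... prog [args]\n", argv[0]); return 2; }
    static char *clean[MAX_ENV];
    if (filter_env(envp, extra, nextra, clean, MAX_ENV) < 0) return 2;
    execve(argv[i], &argv[i], clean);  /* execve: the caller's PATH is never consulted */
    perror("execve");
    return 127;
}
```

Because execve is used, the program must be given by full path; this avoids searching a PATH taken from the very environment being sanitised.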