[Freeipa-devel] [freeipa PR#204][comment] ipautil.run: Remove hardcoded environ PATH value
pspacek
freeipa-github-notification at redhat.com
Wed Nov 2 11:23:21 UTC 2016
URL: https://github.com/freeipa/freeipa/pull/204
Title: #204: ipautil.run: Remove hardcoded environ PATH value
pspacek commented:
"""
The approach with wiping env adds another layer of problems, e.g. inability to use `KRB5_TRACE` environment variable for debugging etc.
IMHO we should use absolute paths whenever we call an external program and let the env be. If an attacker is controlling env the game is already over. He could mess with `LD_PRELOAD` or any other current or future sensitive variables.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/204#issuecomment-257838182
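
An added illustration of the approach proposed in the comment above (not FreeIPA's `ipautil.run` and not code from the PR): a wrapper that requires an absolute program path and leaves the inherited environment alone, run against a constructed PATH whose first directory holds a stand-in `sh`. The name `run_absolute`, the temporary directory and the `/dev/stderr` trace value are assumptions made for the example; as the comment notes, this does nothing about `LD_PRELOAD`.

```python
import os
import stat
import subprocess
import tempfile


def run_absolute(argv, extra_env=None):
    """Run argv (no shell) with the inherited environment left intact.

    argv[0] must be an absolute path, so PATH is never consulted to find it.
    Hypothetical helper for this example, not FreeIPA's ipautil.run.
    """
    if not os.path.isabs(argv[0]):
        raise ValueError("program path must be absolute: %r" % (argv[0],))
    env = dict(os.environ)       # nothing is wiped: KRB5_TRACE etc. survive
    env.update(extra_env or {})
    proc = subprocess.run(argv, env=env, stdout=subprocess.PIPE,
                          universal_newlines=True, check=True)
    return proc.stdout.strip()


def demo():
    """Compare lookup by name with an absolute path under a constructed PATH."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in for an untrusted directory placed first in PATH.
        shadow = os.path.join(tmp, "sh")
        with open(shadow, "w") as f:
            f.write("#!/bin/sh\necho shadowed\n")
        os.chmod(shadow, stat.S_IRWXU)

        extra = {"PATH": tmp + os.pathsep + os.environ.get("PATH", ""),
                 "KRB5_TRACE": "/dev/stderr"}   # constructed debug setting
        script = 'echo "real KRB5_TRACE=$KRB5_TRACE"'

        # Lookup by bare name: the first "sh" found in PATH is executed.
        by_name = subprocess.run(["sh", "-c", script],
                                 env=dict(os.environ, **extra),
                                 stdout=subprocess.PIPE,
                                 universal_newlines=True).stdout.strip()
        # Absolute path: PATH is irrelevant and the debug variable is kept.
        by_path = run_absolute(["/bin/sh", "-c", script], extra_env=extra)
        return by_name, by_path


if __name__ == "__main__":
    print(demo())
```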