[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: env: can it be used to let only certain variables through (if they'r
|
From: |
Christoph Anton Mitterer |
|
Subject: |
Re: env: can it be used to let only certain variables through (if they're set)? |
|
Date: |
Sat, 22 Jan 2022 22:37:27 +0100 |
|
User-agent: |
Evolution 3.42.2-1 |
On Sat, 2022-01-22 at 08:08 +0900, Dominique Martinet wrote:
> Note if your goal is to protect yourself from LD_PRELOAD there isn't
> much you can do at this level: the preload library just has to hook
> over
> all kind of exec() functions and they can add themselves back there.
Well "protect" not so much from a security PoV, but more in terms of
accidentally set env vars.
LD_PRELOAD was perhaps a bad example... POSIXLY_CORRECT is maybe a
better one,... if set it alters the behaviour of some GNU stuff, that a
script may want to protect itself from.
Of course, one could easily just unset that single one, but depending
on what one executes in a script there may be gazillion more env vars,
that the executed stuff may use somehow.
Cheers,
Chris.