[Pkg-sysvinit-devel] Bug#631081: dpkg: please clean environment for maintainer scripts
Raphael Hertzog
hertzog at debian.org
Tue Jun 21 06:50:43 UTC 2011
On Mon, 20 Jun 2011, Witold Baryluk wrote:
> On 06-20 11:55, Aaron M. Ucko wrote:
> > retitle 631081 dpkg: please clean environment for maintainer scripts
> > reassign 631081 dpkg 1.16.0.3
> > thanks
> >
> > As this bug's history shows, a recent libpam-afs-session upgrade made
> > cron start syslogging errors that turned out to stem from my personal
> > KRB5CCNAME setting having accidentally leaked into its environment.
> > (sudo preserves that variable by default, which is appropriate in many
> > contexts.) I historically also ran into trouble with leakage from my
> > TEXMF setting (though I concede that sudo now filters that out itself),
> > and Russ Allbery mentioned problems with Debconf-related variables
> > leaking into xinetd invocations and from there ultimately into remote
> > shells, breaking subsequent aptitude runs.
> >
> > To avoid such surprises, could dpkg please run maintainer scripts in
> > cleaned enviroments?
>
> I have often problem with TMP or TMPDIR or TEMP leaking from root or other user
> into dpkg scripts. Removing them will be usefull.
I think that cleaning the environment will create way more problems than
what you expect.
- for a start, the debconf UI might be pre-existing and the environment
variables are the way for debconf to know that it's already running
and that the postinst doesn't need to restart the UI if it's already
there.
- dropping http_proxy might break maintainer scripts calling wget or
similar
- we obviously don't want to drop LANG and LC_* because we want the user
to use his native language parameters
- we don't want to drop DISPLAY because debconf might want to open a
configuration window
- respecting TMPDIR seems a good idea rather than a bad one
- etc.
Russ Allbery <rra at debian.org> writes:
> This is a bug that's been bothering me for a long time. I'm not sure if
> aptitude or dpkg should be cleaning out the environment before invoking
> maintainer scripts, maintainer scripts should be cleaning the environment
> before running invoke-rc.d, or invoke-rc.d should be cleaning the
> environment, but *something* in that path really should. In the past,
I think it should be invoke-rc.d or something below this.
For dpkg, the only place where it might be helpful is start-stop-daemon. But
not all packages use start-stop-daemon so I would prefer invoke-rc.d which is
enshrined in policy.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Follow my Debian News ▶ http://RaphaelHertzog.com (English)
▶ http://RaphaelHertzog.fr (Français)
More information about the Pkg-sysvinit-devel
mailing list