From c92be49041a7b56f651a93e71e15e94bc8727489 Mon Sep 17 00:00:00 2001 From: Roy Marples Date: Sat, 5 Jan 2008 20:43:08 +0000 Subject: Move the env whitelists to an rc var and build in the system whitelist. --- conf.d/env_whitelist | 6 ----- etc/rc.conf | 4 ++++ src/env_whitelist | 48 --------------------------------------- src/rc/rc-misc.c | 63 +++++++++++++++++++++++++++++++++++++++++----------- 4 files changed, 54 insertions(+), 67 deletions(-) delete mode 100644 conf.d/env_whitelist delete mode 100644 src/env_whitelist diff --git a/conf.d/env_whitelist b/conf.d/env_whitelist deleted file mode 100644 index 30a3695a..00000000 --- a/conf.d/env_whitelist +++ /dev/null @@ -1,6 +0,0 @@ -# /etc/conf.d/env_whitelist: Environment whitelist for rc-system - -# Specify which variables are allowed to be passed from the environment to the -# rc-system. If it is not set by the environment, then the variable will be -# taken from /etc/profile.env - meaning, if you need to set LANG or such, -# do it in a /etc/env.d/99myownstuff file for example, and run env-update. diff --git a/etc/rc.conf b/etc/rc.conf index 659e5b11..8cfc0c9f 100644 --- a/etc/rc.conf +++ b/etc/rc.conf @@ -52,6 +52,10 @@ rc_force_auto="NO" # /var/log/rc.log rc_logger="NO" +# By default we filter the environment for our running scripts. To allow other +# variables through, add them here. Use a * to allow all variables through. +# rc_env_allow="VAR1 VAR2" + ############################################################################## # MISC CONFIGURATION VARIABLES # There variables are shared between many init scripts diff --git a/src/env_whitelist b/src/env_whitelist deleted file mode 100644 index ca21935b..00000000 --- a/src/env_whitelist +++ /dev/null 
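Review bot: The new `rc_env_allow` comment does not say what `*` costs. Per the rc-misc.c hunk in this commit, a `*` token makes env_filter return early without building a filtered environment, so presumably every variable of the invoking environment reaches the init scripts. I would state that in the comment, e.g. `# A * disables filtering entirely; loader variables such as LD_PRELOAD from the caller's shell then reach every service.` It would also help to say that the default list is now compiled in, so readers do not go looking for the deleted env_whitelist files.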
@@ -1,48 +0,0 @@ -# System environment whitelist for rc-system -# See /etc/conf.d/env_whitelist for details. - -# -# Internal variables needed for operation of rc-system -# NB: Do not modify below this line if you do not know what you are doing!! -# - -# Hotplug -IN_HOTPLUG - -# RC network script support -IN_BACKGROUND -RC_INTERFACE_KEEP_CONFIG - -# Default shell stuff -PATH -SHELL -USER -HOME -TERM - -# Language variables -LANG -LC_CTYPE -LC_NUMERIC -LC_TIME -LC_COLLATE -LC_MONETARY -LC_MESSAGES -LC_PAPER -LC_NAME -LC_ADDRESS -LC_TELEPHONE -LC_MEASUREMENT -LC_IDENTIFICATION -LC_ALL - -# From /sbin/init -INIT_HALT -INIT_VERSION -RUNLEVEL -PREVLEVEL -CONSOLE - -# Allow this through too so we can prefer stuff in /lib when shutting down -# or going to single mode. -LD_LIBRARY_PATH diff --git a/src/rc/rc-misc.c b/src/rc/rc-misc.c index 0d8b8c1f..aacd6fea 100644 --- a/src/rc/rc-misc.c +++ b/src/rc/rc-misc.c @@ -44,8 +44,8 @@ #include #include "rc.h" -#include "rc-misc.h" -#include "strlist.h" +#include "../rc-misc.h" +#include "../strlist.h" #define PROFILE_ENV "/etc/profile.env" #define SYS_WHITELIST RC_LIBDIR "/conf.d/env_whitelist" 
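Review bot: `#define SYS_WHITELIST RC_LIBDIR "/conf.d/env_whitelist"` stays as a context line in the `@@ -44,8 +44,8 @@` hunk, although this commit deletes the file it names and removes the `rc_config_list (SYS_WHITELIST)` call in env_filter. If nothing else in rc-misc.c uses it, which this hunk does not show, drop the macro so the source no longer suggests a whitelist file is read from disk. The same likely applies to USR_WHITELIST, whose definition lies outside the hunk.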
@@ -113,17 +113,54 @@ char **env_filter (void) char *p; int pplen = strlen (PATH_PREFIX); - whitelist = rc_config_list (SYS_WHITELIST); - if (! whitelist) - fprintf (stderr, "system environment whitelist (" SYS_WHITELIST ") missing\n"); - - env = rc_config_list (USR_WHITELIST); - rc_strlist_join (&whitelist, env); - rc_strlist_free (env); - env = NULL; - - if (! whitelist) - return (NULL); + /* Init a system whitelist, start with shell vars we need */ + rc_strlist_add (&whitelist, "PATH"); + rc_strlist_add (&whitelist, "SHELL"); + rc_strlist_add (&whitelist, "USER"); + rc_strlist_add (&whitelist, "HOME"); + rc_strlist_add (&whitelist, "TERM"); + + /* Add Language vars */ + rc_strlist_add (&whitelist, "LANG"); + rc_strlist_add (&whitelist, "LC_CTYPE"); + rc_strlist_add (&whitelist, "LC_NUMERIC"); + rc_strlist_add (&whitelist, "LC_TIME"); + rc_strlist_add (&whitelist, "LC_COLLATE"); + rc_strlist_add (&whitelist, "LC_MONETARY"); + rc_strlist_add (&whitelist, "LC_MESSAGES"); + rc_strlist_add (&whitelist, "LC_PAPER"); + rc_strlist_add (&whitelist, "LC_NAME"); + rc_strlist_add (&whitelist, "LC_ADDRESS"); + rc_strlist_add (&whitelist, "LC_TELEPHONE"); + rc_strlist_add (&whitelist, "LC_MEASUREMENT"); + rc_strlist_add (&whitelist, "LC_IDENTIFICATION"); + rc_strlist_add (&whitelist, "LC_ALL"); + + /* Allow rc to override library path */ + rc_strlist_add (&whitelist, "LD_LIBRARY_PATH"); + + /* We need to know sysvinit stuff - we emulate this for BSD too */ + rc_strlist_add (&whitelist, "INIT_HALT"); + rc_strlist_add (&whitelist, "INIT_VERSION"); + rc_strlist_add (&whitelist, "RUNLEVEL"); + rc_strlist_add (&whitelist, "PREVLEVEL"); + rc_strlist_add (&whitelist, "CONSOLE"); + + /* Hotplug and daemon vars */ + rc_strlist_add (&whitelist, "IN_HOTPLUG"); + rc_strlist_add (&whitelist, "IN_BACKGROUND"); + rc_strlist_add (&whitelist, "RC_INTERFACE_KEEP_CONFIG"); + + /* Add the user defined list of vars */ + e = env_name = xstrdup (rc_conf_value ("rc_env_allow")); + while ((token = 
strsep (&e, " "))) { + if (token[0] == '*') { + free (env_name); + return (NULL); + } + rc_strlist_add (&whitelist, token); + } + free (env_name); if (exists (PROFILE_ENV)) profile = rc_config_load (PROFILE_ENV); -- cgit v1.2.3
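Review bot: The `*` branch returns NULL after freeing only `env_name`, so the whitelist just built by the `rc_strlist_add` calls above is leaked; add `rc_strlist_free (whitelist);` before `return (NULL);`. The test `token[0] == '*'` also matches any token that merely begins with `*` (for instance a typo such as `*_PROXY`), which turns off environment filtering altogether; `if (strcmp (token, "*") == 0) {` restricts that to the documented wildcard. Because `strsep (&e, " ")` yields empty tokens for repeated spaces, an `if (token[0] == '\0') continue;` guard keeps empty names out of the list. Whether `xstrdup` accepts the NULL that `rc_conf_value` presumably returns when `rc_env_allow` is unset cannot be seen here; the declarations of `e`, `env_name` and `token` and the rest of env_filter lie outside the hunk.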