On 2023-11-27 07:50:40 +0900, Norbert Preining wrote:
> On Sun, 26 Nov 2023, Vincent Lefevre wrote:
> > Could you cite documentation saying that root must not set
> > arbitrary environment variables?
> I never said that. But if they are set, root must be aware of the
> consequences,

This is not documented at all. So, in doubt, root must not set *any*
environment variable, except those clearly documented. Note that root
may not know which packages will be installed (for instance, texlive
may be brought by a dependency). So, really, any environment variable
that is non standard and unrelated to the package installation system
could be problematic, even though the user could have thought it
would be private.

> and the envvars might have effect on how packages work.

Here, this is not how packages work, but how packages are installed.

> > was actually there on purpose). But this could have been done
> > really on purpose. And this would have broken the package
> > installation.
> root can make / ro and break installation.

I would expect installation to fail, not to silently yield an
incorrect installation. Note that there may be reasons that /
may be ro, such as disk errors at mount time.

> root can set their own shell to fish with probably interesting
> consequences.

You could have cited zsh, which is not a POSIX shell either.
AFAIK, various users use zsh as their root shell.

If chsh allows non-POSIX shells to be selected, this should
really be supported.

Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply via email to