On 01/23/2012 06:54 AM, Jonas Smedegaard wrote:
> Yes, sounds most sensible to me that you _do_ reset all variables (i.e.
> spawn a login-like shell when switching user) and then pass explicitly
> what you want transferred. It is not like you need to support executing
> random user commands, only specific ones in your control, right?

I'm pretty sure I disagree with this; we actually may want to pass environment variables across the switch-user call, and (for example) the admin might want to set TMPDIR to instruct monkeysphere-authentication where to place its tempfiles; if we were to reset (or clear) TMPDIR (or other variables) across the privilege-drop, those attempts would fail. Basically, it would leave us open to bug reports like "monkeysphere: does not honor TMPDIR" :P

> BTW why do you use "$*" instead of "$@"? The latter, I believe,
> preserves the arguments (when quoted like that!) whereas the former does
> not.

https://labs.riseup.net/code/issues/442

--dkg
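The two shell behaviours raised in this thread, as an added example that is not part of the original message or of monkeysphere's code: how `"$*"` and `"$@"` differ when forwarding arguments, and what a child process sees in TMPDIR when the environment is kept, cleared, or cleared with TMPDIR passed explicitly. The function names and sample values are constructed, and `env -i` is used here only as a stand-in for a login-like environment reset.

```shell
#!/bin/sh
# Added illustration; function names and sample values are constructed.

# Print how many arguments were received.
count_args() {
    echo "$#"
}

# "$*" joins all arguments into ONE word (separated by the first
# character of IFS), so argument boundaries are lost.
forward_star() {
    count_args "$*"
}

# "$@" expands to one word per original argument, so an argument that
# contains whitespace stays a single argument.
forward_at() {
    count_args "$@"
}

# Child inherits the caller's environment: TMPDIR is honoured.
tmpdir_preserved() {
    TMPDIR="$1" /bin/sh -c 'echo "${TMPDIR:-unset}"'
}

# Child runs with a cleared environment (assumption: env -i stands in
# for a login-like reset): the admin's TMPDIR is gone.
tmpdir_reset() {
    TMPDIR="$1" env -i /bin/sh -c 'echo "${TMPDIR:-unset}"'
}

# Cleared environment, but TMPDIR is passed through explicitly.
tmpdir_reset_with_passthrough() {
    env -i TMPDIR="$1" /bin/sh -c 'echo "${TMPDIR:-unset}"'
}

# Demonstration with constructed inputs.
echo "\"\$*\" forwards $(forward_star "a b" c) argument(s)"
echo "\"\$@\" forwards $(forward_at "a b" c) argument(s)"
echo "preserved env:  TMPDIR=$(tmpdir_preserved /var/tmp/example)"
echo "cleared env:    TMPDIR=$(tmpdir_reset /var/tmp/example)"
echo "explicit pass:  TMPDIR=$(tmpdir_reset_with_passthrough /var/tmp/example)"
```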

