Ben Reser wrote on Thu, Mar 28, 2013 at 09:30:05 -0700: > On Thu, Mar 21, 2013 at 10:41 AM, Branko Čibej <br...@wandisco.com> wrote: > > However it would avoid a possible security issue or two as well. IMO our > > documentation is correct and we should fix the code to behave as documented. > > I don't think we ever came to a conclusion on this. However, Bert had > some important comments about how Windows handles the PATH on IRC. > > 17:19 Bert You need PATH to find shared libraries. And many tools rely > on environment variables to find out things about the runtime > environment. (E.g. system temp directory) > 17:20 Bert There is no way to obtain that if you remove the variable > > Full discussion is here: > http://colabti.org/irclogger/irclogger_log/svn-dev?date=2013-03-21
Can we come up with a whitelist of envvars to keep? (PATH, TEMP, TMP, TMPDIR, etc; don't have a windows box handy to examine)
