Doesn't really seem like an issue. It's usual to see things not working if a process environment is arbitrarily modified (communication with X is broken, password agent is gone, etc). It's even less of an issue given the original context provided, with setuid. *Hopefully* changing to an arbitrary user will stop the communication of the juju commands with the agent.
On Mon, Sep 16, 2013 at 8:12 PM, Kapil Thangavelu <[email protected]> wrote: > Process hierarchy > > unit agent -> hook -> juju-cli hook api (config-get/relation-get/set) > > He's saying the hook env can effect runtime of the hook cli api. Its > debatable, but one option might be white-listing env variables that the > hooks support, and unsetting those not related. > > > > On Tue, Sep 17, 2013 at 7:52 AM, David Cheney <[email protected]> > wrote: >> >> > Be careful when touching process-global state when writing charm >> > hooks. Calling out to the juju tools such as config-get will inherit >> > the normal C environment, and juju may break in surprising ways if you >> > don't leave it how you found it. >> >> I'm confused, are you saying the subprocess was able to mutate the >> environment of the caller ? I really don't follow. >> >> -- >> Juju mailing list >> [email protected] >> Modify settings or unsubscribe at: >> https://lists.ubuntu.com/mailman/listinfo/juju > > > > -- > Juju mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/juju > -- gustavo @ http://niemeyer.net -- Juju mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju
