> > I'd like to propose > > > > 0. start with an empty environment > > 1. pass LOGNAME and USER unmolested > > 2. force PATH to the canonical default > > 3. pass SHELL unmolested, or force it to /bin/ksh > > 4. set HOME to /var/empty (no $HOME is a rare situation for programs to > > handle) > > > > You are not just satisfying the ftp binary, but also the libc it is > > using. Maybe you want to also pass some LANG type things, not sure. > > If using that approach, ftp's variables need to be passed too, > at least FTPMODE, ftp_proxy, http_proxy, and if people are using > an FETCH_CMD other than ftp (some people need curl for ntlm auth > against certain proxies) they might need https_proxy, no_proxy, > all_proxy.
Sure, sure sure, I agree. Furthermore pkg_add can decide in which contexts those are relevant, and pass them selectively. Sometimes it can slightly pre-validate their format, too.
