Current chroot sandbox inherits parent's environment variables. However, there is only 'PATH' environment variable which should be inherited from the parent. Since there are several _fixed_ directories to be listed in PATH, we can safely listed directories in static.

Following patch enables that: * PATH list is set statically. * Use 'env -i' to eliminate parent environment variables when starting chroot(8) sandbox.

Note: 1) '/sbin' should be listed in PATH (/sbin/{u,}mount will be there). I don't know about '/usr/sbin', but it is safe for us IMHO. 2) 'chroot' should be full-path, since /bin/sh's default PATH is "/bin:/usr/bin"; without full-path, env can't start chroot.

If there are no problems, I'll commit it later (maybe several days after or so). Any comments, suggestions, and objections are welcome.

Thanks in advance, -- - Makoto `MAR' Matsushita

Index: Makefile =================================================================== RCS file: /home/ncvs/src/release/Makefile,v retrieving revision 1.686 diff -u -r1.686 Makefile --- Makefile 8 Jun 2002 03:15:50 -0000 1.686 +++ Makefile 8 Jun 2002 08:44:07 -0000 @@ -392,7 +392,7 @@ .endif # Don't remove this, or the build will fall over! echo "export RELEASEDIR=${_R}" >> ${CHROOTDIR}/mk - echo "export PATH=$${PATH}:${LOCALDIR}" >> ${CHROOTDIR}/mk + echo "export PATH=/bin:/usr/bin:/sbin:/usr/sbin:${LOCALDIR}" >>
${CHROOTDIR}/mk echo "export TMPDIR=/tmp" >> ${CHROOTDIR}/mk echo "export MAKEOBJDIRPREFIX=/usr/obj" >> ${CHROOTDIR}/mk echo "export MANBUILDCAT=YES" >> ${CHROOTDIR}/mk @@ -406,7 +406,7 @@ echo "make \$${_RELTARGET}" >> ${CHROOTDIR}/mk echo "echo \">>> make ${.TARGET} for ${TARGET} finished on \`LC_ALL=C TZ=GMT
date\`\"" >> ${CHROOTDIR}/mk chmod 755 ${CHROOTDIR}/mk - chroot ${CHROOTDIR} /mk + env -i /usr/sbin/chroot ${CHROOTDIR} /mk

clean: rm -rf boot_crunch release.[0-9]

To Unsubscribe: send mail to majo...@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message