This is the mail archive of the cygwin mailing list for the Cygwin project.
On 09/12/2014 04:50 PM, Christian Franke wrote:
> Andrey Repin wrote:
>>> Hmm... is postfix actually broken?
>>> Unsetting PATH is IMO sane (from the POSIX POV) if all exec() calls use
>>> absolute path names.
>> If all exec() calls are made with full paths, unsetting $PATH does not
>> improve
>> security in any way,
>
> Of course. But postfix could be configured to run "unknown" external
> programs through its various daemons. In this case, a fixed (here:
> empty) PATH improves security. If not convinced, please discuss with the
> author of postfix :-)

An empty PATH leaves it up to the implementation what helpers get run (if
it doesn't fall over first), which is LESS secure than a guaranteed safe
PATH of confstr(_CS_PATH).

>
>> but leave underlying system in an inconsistent state.
>
> I don't see any added inconsistencies, please explain.

The moment you throw away the bare minimum POSIX-required PATH, you have
introduced inconsistency into the environment you are handing to your
child process.

--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
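The following C sketch is an added example, not part of the original message and not postfix or Cygwin code: it shows one way a daemon could hand children the `confstr(_CS_PATH)` value discussed above instead of an empty PATH. The function names `default_posix_path`, `reset_path_to_default` and `path_is_absolute_only` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Return a malloc'd copy of the system default PATH, or NULL on failure.
 * confstr() is called twice: once to learn the size, once to fill it. */
char *default_posix_path(void)
{
    size_t len = confstr(_CS_PATH, NULL, 0);   /* size including the NUL */
    if (len == 0)
        return NULL;                           /* no value or error */
    char *buf = malloc(len);
    if (buf == NULL)
        return NULL;
    if (confstr(_CS_PATH, buf, len) == 0 || buf[0] == '\0') {
        free(buf);
        return NULL;
    }
    return buf;                                /* caller frees */
}

/* Overwrite PATH in this process (and so in later children) with the
 * default value. Returns 0 on success, -1 on failure. */
int reset_path_to_default(void)
{
    char *p = default_posix_path();
    if (p == NULL)
        return -1;
    int rc = setenv("PATH", p, 1);
    free(p);
    return rc;
}

/* Return 1 only if every PATH element is an absolute directory.
 * NULL or "" is rejected: lookup with no PATH is left to the implementation.
 * An empty element ("a::b", leading or trailing ':') means the current
 * directory, so it is rejected as well, as is any relative element. */
int path_is_absolute_only(const char *path)
{
    if (path == NULL || *path == '\0')
        return 0;
    for (const char *p = path;;) {
        if (*p != '/')
            return 0;
        const char *colon = strchr(p, ':');
        if (colon == NULL)
            return 1;
        p = colon + 1;
    }
}
```

Call `reset_path_to_default()` before `fork()`/`exec()` of any helper that is not invoked by absolute path, and treat a failure as fatal rather than falling back to an unset PATH.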