[Bug 235185] www/fcgiwrap: environment should be cleaned in /usr/local/etc/rc.d/fcgiwrap

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[Bug 235185] www/fcgiwrap: environment should be cleaned in /usr/local/etc/rc.d/fcgiwrap


Rodrigo Osorio <[hidden email]> changed:

           What    |Removed                     |Added
         Resolution|---                         |Not A Bug
             Status|Open                        |Closed

--- Comment #40 from Rodrigo Osorio <[hidden email]> ---
After rethinking the arguments I don't gonna change the way www/fcgiwrap rc
script behaves. I strongly believe that it's not rc script job to sanitize the
ENV variables since service(8) is doing that for you in a better way.

I also don't wanna perform code duplication between service(8) and the
www/fcgiwrap rc script because it's bad, and it prevents future changes in
service(8) to apply to www/fcgiwrap.

Finally, I don't wanna prevent peoples to start the www/fcgiwrap server
manually with custom variables in debug purpose.

Regarding the sanitize framework discussed before, you can continue the
discussion in a new improvement PR. To me, I do not see the interest, because
once you are starting the daemon with service(8) the env is sanitized for free.

- rodrigo

@ John Von Essen :
Regarding the default user changes used by www/fcgiwrap, nobody is the default
because it's the less powered user in the system. Changing that breaks POLA for
sure without too much benefit for the user.

You are receiving this mail because:
You are on the CC list for the bug.
[hidden email] mailing list
To unsubscribe, send any mail to "[hidden email]"