[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Hook scripts run with empty environment

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: 2004-12-22 20:01:16 CET

On Wed, 2004-12-22 at 13:57, Justin Erenkrantz wrote:
> > I don't know (John Peacock's speculation of "security" might be right,
> > but I don't have any memories backing that up). It would make sense
> > to use the process environment, IMHO, and I'd be +1 on a fix or,
> > failing that, an issue to record the enhancement.
> I don't think so. For an httpd setup, you are better off assuming that the
> environment is empty because you'd be inheriting the process environment of
> the user who started it: and that can easily change.

But doesn't the same argument apply to Subversion itself? And to CGI
scripts which are run by httpd? httpd doesn't empty out the environment
for those, does it?

> I think keeping it with an empty environment leads to the most predictable
> behavior on our parts. Otherwise, things may break depending upon who started
> the server: and that causes all sort of goofy badness. -- justin

Well, it sucks for a Kerberos-using site using file:// URLs. You can't
use the user's Kerberos tickets from a hook script because the
KRB5CCNAME environment variable is lost.

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Dec 22 20:02:39 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.