Ben Reser wrote on Thu, Mar 28, 2013 at 09:30:05 -0700:
> On Thu, Mar 21, 2013 at 10:41 AM, Branko Čibej <brane_at_wandisco.com> wrote:
> > However it would avoid a possible security issue or two as well. IMO our
> > documentation is correct and we should fix the code to behave as documented.
>
> I don't think we ever came to a conclusion on this. However, Bert had
> some important comments about how Windows handles the PATH on IRC.
>
> 17:19 Bert You need PATH to find shared libraries. And many tools rely
> on environment variables to find out things about the runtime
> environment. (E.g. system temp directory)
> 17:20 Bert There is no way to obtain that if you remove the variable
>
> Full discussion is here:
> http://colabti.org/irclogger/irclogger_log/svn-dev?date=2013-03-21
Can we come up with a whitelist of envvars to keep?
(PATH, TEMP, TMP, TMPDIR, etc; don't have a windows box handy to examine)
Received on 2013-03-28 18:08:49 CET