On 28.03.2013 18:08, Daniel Shahaf wrote:
> Ben Reser wrote on Thu, Mar 28, 2013 at 09:30:05 -0700:
>> On Thu, Mar 21, 2013 at 10:41 AM, Branko Čibej <brane_at_wandisco.com> wrote:
>>> However it would avoid a possible security issue or two as well. IMO our
>>> documentation is correct and we should fix the code to behave as documented.
>> I don't think we ever came to a conclusion on this. However, Bert had
>> some important comments about how Windows handles the PATH on IRC.
>>
>> 17:19 Bert You need PATH to find shared libraries. And many tools rely
>> on environment variables to find out things about the runtime
>> environment. (E.g. system temp directory)
>> 17:20 Bert There is no way to obtain that if you remove the variable
>>
>> Full discussion is here:
>> http://colabti.org/irclogger/irclogger_log/svn-dev?date=2013-03-21
> Can we come up with a whitelist of envvars to keep?
> (PATH, TEMP, TMP, TMPDIR, etc; don't have a windows box handy to examine)
I'm not sure I agree; this is what $repo/conf/hooks-env is for after all.
It's true that Windows keeps "system" and "user" environment variables
separate, and hook scripts will inherit from httpd (or svnserve) which,
when run as a service, will only see the system environment. So what
environment the hook script sees is strictly under the sysadmin's
control. However, pretty much the same is true on Unix; so if we have a
valid reason for starting with an empty environment there, we may as
well do that on Windows, too.
Although I can imagine the pain of migrating every Windows-based SVN
server to a different scheme for setting the environment.
-- Brane
--
Branko Čibej
Director of Subversion | WANdisco | www.wandisco.com
Received on 2013-03-28 18:33:43 CET