On 08/06/2015 01:38, Jonathan de Boyne Pollard wrote:
> And I am regretful and slightly hesitant to report a security bug in
> s6-networking, where it fails (unless I have missed something) to
> wipe any existing UCSPI-TCP environment variables that it isn't
> setting, per the spec, but merely _merges_ environment changes.
It's not a bug, and I did not concern myself with it, because it is
easy enough to clear the environment of UCSPI-related variables before
calling a UCSPI tool.
However, I agree that it may not be as intuitive as it could be, and
clearing the variables that tools do not set is probably the better
behaviour. I'll change that in a future release.
--
Laurent
Received on Mon Jun 08 2015 - 08:16:24 UTC