On Wed, 4 Jul 2012 22:34:15 -0400, Bill Waggoner 
<ctgreybe...@gmail.com> wrote:
> When I run an update-all (or any other update) I see the following
> command or something similar:
>
> sudo -u fink-bld [ENV] sh -c/tmp/fink.p5xo4
>
> Am I correct in assuming that "[ENV]" is indicating that the
> environment (as desired by the fink build) is being passed into the
> script?
>
> Does this block any EXPORTs?  Perhaps sudo does?  (I use sudo all the
> time, maybe I should understand it better ...)

That token is indeed a placeholder for the actual shell environment 
being passed. For security, sudo cleans out the caller's env before 
launching the specified program. I don't know the exact list of 
variables that are wiped (or else the "all but..." list that are not 
wiped, or maybe it starts from scratch and uses a limited specific set 
of shell startup scripts), but it's probably documented somewhere and 
maybe controllable. But it's definitely overridable by passing 
explicit variable=value pairs as part of the command (as usual for unix 
commands). The upshot is that the shell environment *is* essentially 
wiped but fink determines what it should be (ignoring those in the 
caller, instead using the normal fink shell configs (and ignoring any 
user-directory dotfiles)). Then it passes that full set into the sudo 
call. It's probably a few K of text and these calls are made a bunch of 
times, so fink just uses this token in the displayed command to mask 
the whole actual set that is passed in the actual command being run. 
There are various ways to see what the env would be if you're 
interested. 

dan

  --
Daniel Macks
dma...@netspace.org
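
Added example, not part of the original message and not fink's code: a small shell demo of the pattern described above, where the child gets a wiped environment plus only the explicit variable=value pairs handed to the launcher. It assumes `env -i` as an unprivileged stand-in for sudo's environment reset; the function names, variable names and values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not fink's code). `env -i` stands in for sudo's environment
# reset so this runs without privileges; names and values are constructed.

# Start a child shell with an empty environment plus explicit VAR=value pairs,
# mirroring the shape:  sudo -u USER VAR=value ... sh -c SCRIPT
# Usage: run_clean 'script' [VAR=value ...]
run_clean() {
    script=$1
    shift
    env -i "$@" /bin/sh -c "$script"
}

# Report what the child sees for one variable: "set:<value>" or "unset".
# Usage: probe NAME [VAR=value ...]
probe() {
    name=$1
    shift
    # Accept only a plain identifier, since it is spliced into the child script.
    case $name in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) echo "bad name" >&2; return 2 ;;
    esac
    run_clean "if [ \"\${$name+x}\" = x ]; then printf 'set:%s\n' \"\$$name\"; else echo unset; fi" "$@"
}

# Constructed caller state: an export made in the invoking shell.
export CALLER_EXPORT=from-caller-shell

# 1. The caller's export does not reach the child.
probe CALLER_EXPORT

# 2. A pair passed on the launcher's command line does reach it.
probe BUILD_FLAG BUILD_FLAG=from-launcher PATH=/usr/bin:/bin

# 3. Forwarding a caller value has to be done explicitly, pair by pair.
probe CALLER_EXPORT "CALLER_EXPORT=$CALLER_EXPORT"
```

With real sudo, `sudo -l` lists the `Defaults` in effect for your account (such as `env_reset` and `env_keep`), and sudoers(5) documents them. Pairs given on the sudo command line remain subject to that policy unless `setenv` or the `SETENV` tag applies.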



_______________________________________________
Fink-devel mailing list
Fink-devel@lists.sourceforge.net
List archive:
http://news.gmane.org/gmane.os.apple.fink.devel
Subscription management:
https://lists.sourceforge.net/lists/listinfo/fink-devel