URL: https://github.com/freeipa/freeipa/pull/204 Title: #204: ipautil.run: Remove hardcoded environ PATH value
pspacek commented: """ The approach with wiping env adds another layer of problems, e.g. inability to use `KRB5_TRACE` environment variable for debugging etc. IMHO we should use absolute paths whenever we call an external program and let the env be. If an attacker is controling env the game is already over. He could mess with `LD_PRELOAD` or any other other current or future sensitive variables. """ See the full comment at https://github.com/freeipa/freeipa/pull/204#issuecomment-257838182
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code