Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.
Sign upSanitize environment variables for build scripts #5282
Comments
matklad
added
the
Rust-2018
label
Apr 3, 2018
This comment has been minimized.
This comment has been minimized.
jsgf
referenced this issue
Apr 5, 2018
Closed
Implement a sandbox for environment variables and files #49387
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
Discussed during a meeting: this might be a nice idea in theory, but it really needs some significant design work, to make sure this feature is actually usable. |
This comment has been minimized.
This comment has been minimized.
|
The "non-obvious" part doesn't have to be solved by blocking env vars, but can be solved by tracking which ones were used. This is already almost a solved problem, but it's blocked on a showstopping bug: #4587 |
matklad
removed
the
Rust-2018
label
Jun 26, 2018
ehuss
added
the
A-build-scripts
label
Nov 18, 2018
dwijnand
changed the title
Sanitize environemt variables for build scripts
Sanitize environment variables for build scripts
Feb 11, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
matklad commentedApr 3, 2018
Build scripts have access to the parent environment, and this may cause problem because it's not obvious which env vars are actually used by the build script, which hurts reproducible builds.
Perhaps we should use some kind of a whitelist of envvars to pass to build scripts?