July 24, 2023
4:42 p.m.
On Mon Jul 24 14:28:55 2023 +0000, Jinoh Kang wrote: > I don't see how `secure_getenv` is useful. > 1. Wine is not intended to be run as root, or on behalf of another Unix user. > 2. There are plenty of other environment variables that directly > influence Wine's behavior, to the point of arbitrary code execution. 1. There're other conditions of "secure execution" according to `secure_getenv(3)` - e.g. capabilities and/or LSM. 2. I'm aware of it: simple command `git grep -F getenv ':!**/tests/*' | sed -En 's/^.+getenv\s*\(\s*"([^"]+)"\s*.*$/\1/p' | sort -uV | tee /dev/stderr | wc -l` shows at least 52 variables. If `getenv` is preferred more than `secure_getenv` - let me know. I'll revert changes to configure.ac and related files. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/3381#note_39978