24 Jul
2023
24 Jul
'23
4:42 p.m.
On Mon Jul 24 14:28:55 2023 +0000, Jinoh Kang wrote:
I don't see how `secure_getenv` is useful.
- Wine is not intended to be run as root, or on behalf of another Unix user.
- There are plenty of other environment variables that directly
influence Wine's behavior, to the point of arbitrary code execution.
1. There're other conditions of "secure execution" according to `secure_getenv(3)` - e.g. capabilities and/or LSM. 2. I'm aware of it: simple command `git grep -F getenv ':!**/tests/*' | sed -En 's/^.+getenv\s*(\s*"([^"]+)"\s*.*$/\1/p' | sort -uV | tee /dev/stderr | wc -l` shows at least 52 variables.
If `getenv` is preferred more than `secure_getenv` - let me know. I'll revert changes to configure.ac and related files.