Ticket #228 (new enhancement)

Opened 15 years ago

Last modified 11 years ago

add should extend the environment a lot more than it currently does

Reported by: jdreed Owned by:
Priority: trivial Milestone: The Distant Future
Component: -- Keywords:
Cc: Fixed in version:
Upstream bug:

Description

Discussion on -c debathena on 3/12 suggests that it would be cool if add could frob things like PYTHONPATH, PERL5LIB, TEXINPUTS, etc.

broder notes:

There is a security issue with updating PYTHONPATH et al.

Unlike PATH, where we can explicitly append something after the system defaults, PYTHONPATH overrides the system default, as does LD_LIBRARY_PATH.

We don't want adding a locker with a sketchy Python module to cause that sketchy Python module to be preferred over the system default module (which presumably is non-sketchy)

For Python, I think we can work around this by setting a different environment variable than PYTHONPATH and providing a sitecustomize.py module (see the documentation for site.py) that adds the things in PYTHON_LOCKER_PATH or whatever to the end of sys.path.

I don't know if we can swing something like that for Perl, TeX, or Ruby, but people who know the languages should chime in and offer solutions.

jdreed notes:

Perl claims to have "sitecustomize.pl", but it's only mentioned in passing, and support for it needs to be enabled at compile time (I don't know what Ubuntu defaults to). If it works, it lives at $Config{sitelib}/sitecustomize.pl See perlvar(1) and perlrun(1)

Change History

comment:1 Changed 15 years ago by broder

We'll have to come up with something more clever for Perl:

kid-icarus:~ broder$ cat test.pl 
#!/usr/bin/perl
use Config;
if($Config{usesitecustomize}) {
 print "Yes\n";
} else {
 print "No\n";
}
kid-icarus:~ broder$ ./test.pl 
No

comment:2 Changed 15 years ago by jdreed

What are the odds we could convince Ubuntu to build a version of Perl that does use sitecustomize? If Python supports it, it seems kind of lame that it's disabled on Perl. I mean, I guess there are security implications, but if someone has the ability to create a file under /usr/lib/perl5/whatever, your machine is mostly doomed anyway.

comment:3 Changed 11 years ago by jdreed

TEXINPUTS is easy. PYTHONPATH is hard, because of course Ubuntu already abuses sitecustomize.py for its stupid apport handler. So we'd have to divert it. And of course it's a configfile because it's in /etc. And of course it's python-version specific (/etc/python2.7/sitecustomize.py), so we'd have to find a way to come up with that path at build time.

comment:4 Changed 11 years ago by jdreed

Actually, we could do a clever hack with PYTHONPATH: add(1) could append lockers to the end of PYTHONPATH, as it does with every other environment variable. However, if PYTHONPATH is initially unset, we could set it to the value of sys.path.

Note: See TracTickets for help on using tickets.