[Midnightbsd-cvs] [MidnightBSD/src] 0bee5e: prowld: always execve with explicit env; never inh...
Lucas Holt
noreply at github.com
Sun Apr 19 00:04:53 EDT 2026
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: 0bee5e0cc8dc0afdda57e2c63bdc7cadabc5e95a
https://github.com/MidnightBSD/src/commit/0bee5e0cc8dc0afdda57e2c63bdc7cadabc5e95a
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-04-19 (Sun, 19 Apr 2026)
Changed paths:
M sbin/prowld/supervisor.c
Log Message:
-----------
prowld: always execve with explicit env; never inherit prowld's environment
Jobs without an explicit environment block were falling through to execv(),
which inherited prowld's full ambient environment. This allowed variables
such as LD_PRELOAD, LD_LIBRARY_PATH, and proxy credentials to leak into
root-owned managed services (spec §17: "minimal environment unless
environment is specified").
Fix: introduce a hardcoded minimal_env[] (PATH + HOME) and always call
execve(2) with an explicit envp[]. When job->envc > 0 the unit file's
explicit vars are used; otherwise minimal_env[] is the baseline. Protocol
vars (NOTIFY_SOCKET, WATCHDOG_*, LISTEN_FDS/PID/FDNAMES) are appended on
top as before. The rcshim path receives the same treatment, replacing its
unconditional execv() with execve() using the same built envp[].
Remove the now-unnecessary need_execve flag.
AI-Assisted-by: Claude Sonnet 4.6
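To illustrate the exec-path change the message describes, here is an added C example (not prowld's code, nor from the commit itself) that builds the explicit envp[] from either the unit's own variables or a minimal baseline, appends the protocol variables on top, and hands the result to execve(2); the baseline contents, the function names and the sample variable values are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Assumed baseline in the spirit of the commit's minimal_env[] (PATH + HOME). */
static const char *const minimal_env[] = {
    "PATH=/sbin:/bin:/usr/sbin:/usr/bin",
    "HOME=/",
};

void free_envp(char **envp)
{
    for (size_t i = 0; envp != NULL && envp[i] != NULL; i++)
        free(envp[i]);
    free(envp);
}

/* NULL-terminated envp for execve(2): unit-file vars if any, else the minimal
 * baseline, plus protocol vars (NOTIFY_SOCKET, LISTEN_FDS, ...). environ is
 * never read, so ambient LD_PRELOAD/LD_LIBRARY_PATH/proxy settings cannot leak. */
char **build_envp(const char *const *job_env, size_t job_envc,
                  const char *const *proto_env, size_t proto_envc)
{
    const char *const *base = job_envc > 0 ? job_env : minimal_env;
    size_t basec = job_envc > 0 ? job_envc : sizeof minimal_env / sizeof *minimal_env;
    char **envp = calloc(basec + proto_envc + 1, sizeof *envp);
    if (envp == NULL) return NULL;
    for (size_t i = 0; i < basec + proto_envc; i++) {
        const char *src = i < basec ? base[i] : proto_env[i - basec];
        if ((envp[i] = strdup(src)) == NULL) {
            free_envp(envp);   /* calloc left the tail NULL-terminated */
            return NULL;
        }
    }
    return envp;
}

/* True if envp carries NAME=... (exact name, not a prefix match). */
int envp_has(char *const *envp, const char *name)
{
    size_t len = strlen(name);
    while (*envp != NULL && (strncmp(*envp, name, len) != 0 || (*envp)[len] != '='))
        envp++;
    return *envp != NULL;
}

/* Post-fix exec path: always execve(2) with the explicit envp, never execv(3). */
int exec_job(const char *path, char *const argv[], char **envp)
{
    return execve(path, argv, envp);   /* returns -1 only if the exec fails */
}
```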