Bug#179846: marked as done (xterm: not documented that xterm squelches ${TMPDIR})
Your message dated Sun, 2 Mar 2003 17:45:40 -0500
with message-id <20030302224540.GF10257@deadbeast.net>
and subject line Bug#179846: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=179846
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 5 Feb 2003 00:09:32 +0000
>From swift@alum.mit.edu Tue Feb 04 18:09:32 2003
Return-path: <swift@alum.mit.edu>
Received: from pool-68-160-51-169.bos.east.verizon.net (beth.swift.xxx) [68.160.51.169] (root)
by master.debian.org with esmtp (Exim 3.12 1 (Debian))
id 18gD87-0004tl-00; Tue, 04 Feb 2003 18:09:32 -0600
Received: from beth.swift.xxx (swift@localhost [127.0.0.1])
by beth.swift.xxx (8.12.6/8.12.6/Debian-8) with ESMTP id h1509OqM013290;
Tue, 4 Feb 2003 19:09:24 -0500
Message-Id: <200302050009.h1509OqM013290@beth.swift.xxx>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Matthew Swift <swift@alum.mit.edu>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xterm: not documented that xterm squelches ${TMPDIR}
X-Mailer: reportbug 2.9
Date: Tue, 04 Feb 2003 19:09:24 -0500
X-Mailscanner: clean (beth.swift.xxx)
Delivered-To: submit@bugs.debian.org
X-Spam-Status: No, hits=0.8 required=5.0
tests=MSG_ID_ADDED_BY_MTA_3,SPAM_PHRASE_00_01
version=2.41
X-Spam-Level:
Package: xterm
Version: 4.2.1-3
Severity: normal
The following seems to demonstrate that xterm squelches the environment
variable TMPDIR. I'm guessing that it does this to close a security hole, but
the behavior is not documented in the man page or the README.debian file.
I set TMPDIR in /etc/environment (I think the default /etc/environment does
this also). My .xsession is a bash script that exports the settings in
/etc/environment to my window manager (Enlightenment). (There may be another
mechanism that causes /etc/environment declarations to be exported to
xdm/X/window manager subprocesses, but my .xsession guarantees it by virtue of
being a Bash login shell.) When I launch applications from my window manager's
menu system, they inherit the window manager's environment. I count on this.
For example, my non-login Bash shells assume that the declarations in
/etc/environment (sourced and exported by /etc/profile) are in the environment.
An application changing environment variables unexpectedly is a security risk
of its own, e.g., this unexpected deletion makes the path ${TMPDIR}/home into
/home.
I myself will probably look into the sources to see whether xterm is deleting
any other envariables. They should be listed in the documentation for everyone
to notice.
[beth] swift> env -i bash --norc --noprofile
bash-2.05b$ set; export TMPDIR=/tmp; export TMPTEST=/tmp
BASH=/bin/bash
BASH_VERSINFO=([0]="2" [1]="05b" [2]="0" [3]="1" [4]="release" [5]="i386-pc-linux-gnu")
BASH_VERSION='2.05b.0(1)-release'
COLUMNS=169
DIRSTACK=()
EUID=501
GROUPS=()
HISTFILE=/home/swift/.bash_history
HISTFILESIZE=500
HISTSIZE=500
HOSTNAME=beth
HOSTTYPE=i386
IFS=$' \t\n'
LINES=70
MACHTYPE=i386-pc-linux-gnu
MAILCHECK=60
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PPID=11137
PS1='\s-\v\$ '
PS2='> '
PS4='+ '
PWD=/home/swift
SHELL=/bin/bash
SHELLOPTS=braceexpand:emacs:hashall:histexpand:history:interactive-comments:monitor
SHLVL=1
TERM=dumb
UID=501
_=bash
bash-2.05b$ rm /tmp/result
bash-2.05b$ rm /tmp/result
rm: cannot remove `/tmp/result': No such file or directory
bash-2.05b$ /usr/bin/X11/xterm -display :0.0 -e bash --norc -noprofile -c 'echo TMPDIR=$TMPDIR and TMPTEST=$TMPTEST>/tmp/result'
bash-2.05b$ cat /tmp/result
TMPDIR= and TMPTEST=/tmp
bash-2.05b$
-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux beth 2.4.20 #1 Fri Jan 31 16:26:56 EST 2003 i686
Locale: LANG=C, LC_CTYPE=C
Versions of packages xterm depends on:
ii debconf 1.2.21 Debian configuration management sy
ii libc6 2.2.5-14.3 GNU C Library: Shared libraries an
ii libfreetype6 2.1.2-9 FreeType 2 font engine, shared lib
ii libncurses5 5.2.20020112a-8 Shared libraries for terminal hand
ii libxaw7 4.2.1-3 X Athena widget set library
ii xlibs 4.2.1-3 X Window System client libraries
-- debconf information:
* xterm/clobber_xresource_file: true
xterm/xterm_needs_devpts:
---------------------------------------
Received: (at 179846-done) by bugs.debian.org; 2 Mar 2003 22:45:43 +0000
>From branden@deadbeast.net Sun Mar 02 16:45:41 2003
Return-path: <branden@deadbeast.net>
Received: from dhcp16621067.indy.rr.com (redwald.deadbeast.net) [24.166.21.67]
by master.debian.org with esmtp (Exim 3.12 1 (Debian))
id 18pcDE-0004fI-00; Sun, 02 Mar 2003 16:45:41 -0600
Received: by redwald.deadbeast.net (Postfix, from userid 1000)
id 6F4CC64477; Sun, 2 Mar 2003 17:45:40 -0500 (EST)
Date: Sun, 2 Mar 2003 17:45:40 -0500
From: Branden Robinson <branden@debian.org>
To: 179846-done@bugs.debian.org
Subject: Re: Bug#179846: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=179846
Message-ID: <20030302224540.GF10257@deadbeast.net>
References: <[🔎] 200303021920.h22JKfK09111@invisible-island.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="rMWmSaSbD7nr+du9"
Content-Disposition: inline
In-Reply-To: <[🔎] 200303021920.h22JKfK09111@invisible-island.net>
User-Agent: Mutt/1.5.3i
Delivered-To: 179846-done@bugs.debian.org
X-Spam-Status: No, hits=-3.7 required=4.0
tests=IN_REP_TO,PGP_SIGNATURE_2,QUOTED_EMAIL_TEXT,REFERENCES,
SPAM_PHRASE_00_01,USER_AGENT,USER_AGENT_MUTT
version=2.44
X-Spam-Level:
--rMWmSaSbD7nr+du9
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, Mar 02, 2003 at 02:20:41PM -0500, Thomas Dickey wrote:
> > Debian Bug report logs - #179846
> > xterm: not documented that xterm squelches ${TMPDIR}
>=20
> xterm doesn't; it is a feature of the system to remove various environment
> variables.
>=20
> >I myself will probably look into the sources to see whether xterm is del=
eting
> >any other envariables. They should be listed in the documentation for e=
veryone
> >to notice.
>=20
> I assume he's going to document it - if/when he reads the code -
> but it doesn't belong in xterm's manpage.
Closing as a spurious report, per upstream maintainer.
--=20
G. Branden Robinson | I suspect Linus wrote that in a
Debian GNU/Linux | complicated way only to be able to
branden@debian.org | have that comment in there.
http://people.debian.org/~branden/ | -- Lars Wirzenius
--rMWmSaSbD7nr+du9
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iEYEARECAAYFAj5iiZQACgkQ6kxmHytGonyzVACeIE1Jtwi82bBZ+OeW2+W8ftvt
+lQAn2Slb7NkGna/XJUnVmyxlhFuW2k+
=K/TI
-----END PGP SIGNATURE-----
--rMWmSaSbD7nr+du9--
Reply to: