author | 2015-12-23 15:43:18 -0500 | |
---|---|---|
committer | 2015-12-23 15:44:44 -0500 | |
commit | b87c18c6676bdd262e676eacbc65352e5404bb07 (patch) | |
tree | d831848afe58139e7cd91752b83abf049476150e /sys-apps/xinetd/files | |
parent | x11-misc/nitrogen: Fix building with latest glibmm/libsigc++ (diff) | |
sys-apps/xinetd: default to clearing active env
It's rare that we want the active shell environment to be passed down
to xinetd services, so default to clearing things. If a service wants
an env var to be set, they can do so explicitly.
Diffstat (limited to 'sys-apps/xinetd/files')
-rw-r--r-- | sys-apps/xinetd/files/xinetd-2.3.15-config.patch | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/sys-apps/xinetd/files/xinetd-2.3.15-config.patch b/sys-apps/xinetd/files/xinetd-2.3.15-config.patch new file mode 100644 index 000000000000..b362a97dbe82 --- /dev/null +++ b/sys-apps/xinetd/files/xinetd-2.3.15-config.patch @@ -0,0 +1,22 @@ +set up some secure defaults: + - services can only be accessed from localhost + - sanitize the runtime environment (so root's shell vars don't bleed through) + +--- contrib/xinetd.conf ++++ contrib/xinetd.conf +@@ -22,5 +22,5 @@ + # + # no_access = +-# only_from = ++ only_from = localhost + # max_load = 0 + cps = 50 10 +@@ -35,7 +35,7 @@ defaults + + # setup environmental attributes + # +-# passenv = ++ passenv = + groups = yes + umask = 002 + |
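Review bot: In the first hunk (`@@ -22,5 +22,5 @@`), `only_from = localhost` is a second behaviour change that the commit subject and body never mention; they only talk about clearing the environment. Restricting every service in the defaults block to localhost will cut off any existing service that is meant to be reached remotely, so it should be called out in the commit message (and ideally to users on upgrade), or split into its own commit. The value is also a host name rather than an address, so the match depends on how `localhost` resolves on the system; a numeric loopback address would make the default independent of name resolution.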
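Review bot: In the second hunk (`@@ -35,7 +35,7 @@ defaults`), the new line ` passenv =` has an empty value with nothing beside it to say that the emptiness is intentional. The file's own convention is that a commented `# passenv =` means "unset", so a later editor can easily read the bare assignment as an unfinished entry and re-comment it, which silently restores the inherited environment. Add a one-line comment above it stating that the empty list is deliberate and that a service needing a variable has to set it explicitly in its own entry, as the commit message describes.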