summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--pym/portage/__init__.py11
1 files changed, 8 insertions, 3 deletions
diff --git a/pym/portage/__init__.py b/pym/portage/__init__.py
index dbbe97e3a..711355e01 100644
--- a/pym/portage/__init__.py
+++ b/pym/portage/__init__.py
@@ -860,9 +860,14 @@ class config(object):
_environ_whitelist = []
- # Preserve backupenv values that are initialized in the config
- # constructor. Also, preserve XARGS since it is set by the
- # portage.data module.
+ # Whitelisted variables are always allowed to enter the ebuild
+ # environment. Generally, this only includes special portage
+ # variables. Ebuilds can unset variables that are not whitelisted
+ # and rely on them remaining unset for future phases, without them
+ # leaking back in from various locations (bug #189417). It's very
+ # important to set our special BASH_ENV variable in the ebuild
+ # environment in order to prevent sandbox from sourcing /etc/profile
+ # in it's bashrc (causing major leakage).
_environ_whitelist += [
"BASH_ENV", "BUILD_PREFIX", "D",
"DISTDIR", "DOC_SYMLINKS_DIR", "EBUILD_EXIT_STATUS_FILE",