Beware global state in hooks

Gustavo Niemeyer gustavo at
Mon Sep 16 23:21:56 UTC 2013

Doesn't really seem like an issue. It's usual to see things not
working if a process environment is arbitrarily modified
(communication with X is broken, password agent is gone,  etc). It's
even less of an issue given the original context provided, with
setuid. *Hopefully* changing to an arbitrary user will stop the
communication of the juju commands with the agent.

On Mon, Sep 16, 2013 at 8:12 PM, Kapil Thangavelu
<kapil.thangavelu at> wrote:
> Process hierarchy
> unit agent -> hook -> juju-cli hook api (config-get/relation-get/set)
> He's saying the hook env can effect runtime of the hook cli api. Its
> debatable, but one option might be white-listing env variables that the
> hooks support, and unsetting those not related.
> On Tue, Sep 17, 2013 at 7:52 AM, David Cheney <david.cheney at>
> wrote:
>> > Be careful when touching process-global state when writing charm
>> > hooks. Calling out to the juju tools such as config-get will inherit
>> > the normal C environment, and juju may break in surprising ways if you
>> > don't leave it how you found it.
>> I'm confused, are you saying the subprocess was able to mutate the
>> environment of the caller ? I really don't follow.
>> --
>> Juju mailing list
>> Juju at
>> Modify settings or unsubscribe at:
> --
> Juju mailing list
> Juju at
> Modify settings or unsubscribe at:


gustavo @

More information about the Juju mailing list