dasharo/systemd
0
0
Fork 0
mirror of https://github.com/Dasharo/systemd.git synced 2026-03-06 15:02:31 -08:00
Code Issues Packages Projects Releases Wiki Activity

user-util: extra paranoia, make sure $SHELL can't be fucked with in suid programs

Browse Source 
It's better to be safe than sorry, let's not allow overriding of the
user shell in suid binaries. Similar for $USER.
This commit is contained in:
Lennart Poettering
2019-03-12 15:52:06 +01:00
parent 9e73208afc
commit b2a3953f81
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/basic/user-util.c
View File

@@ -80,7 +80,7 @@ char* getlogname_malloc(void) {
char *getusername_malloc(void) {
const char *e;
e = getenv("USER");
e = secure_getenv("USER");
if (e)
return strdup(e);
@@ -514,7 +514,7 @@ int get_shell(char **_s) {
assert(_s);
/* Take the user specified one */
e = getenv("SHELL");
e = secure_getenv("SHELL");
if (e && path_is_valid(e) && path_is_absolute(e)) {
s = strdup(e);
if (!s)