diff options
author | Denis Vlasenko <vda.linux@googlemail.com> | 2007-11-06 08:26:51 +0300 |
---|---|---|
committer | Denis Vlasenko <vda.linux@googlemail.com> | 2007-11-06 08:26:51 +0300 |
commit | 52816302299854ba1644fce98b5d19db526e6c29 (patch) | |
tree | 7ddd6080d6a9fca759227b184dcc445d5376a075 /loginutils/sulogin.c | |
parent | 6bef3d1d2216234454875052220ca0f477a820b4 (diff) |
login: clear dangerous environment variables if started by non-root
Diffstat (limited to 'loginutils/sulogin.c')
-rw-r--r-- | loginutils/sulogin.c | 25 |
1 files changed, 2 insertions, 23 deletions
diff --git a/loginutils/sulogin.c b/loginutils/sulogin.c index f1545b78f..af457ef1e 100644 --- a/loginutils/sulogin.c +++ b/loginutils/sulogin.c @@ -9,22 +9,6 @@ #include "libbb.h" -static const char forbid[] ALIGN1 = - "ENV" "\0" - "BASH_ENV" "\0" - "HOME" "\0" - "IFS" "\0" - "PATH" "\0" - "SHELL" "\0" - "LD_LIBRARY_PATH" "\0" - "LD_PRELOAD" "\0" - "LD_TRACE_LOADED_OBJECTS" "\0" - "LD_BIND_NOW" "\0" - "LD_AOUT_LIBRARY_PATH" "\0" - "LD_AOUT_PRELOAD" "\0" - "LD_NOWARN" "\0" - "LD_KEEPDIR" "\0"; - //static void catchalarm(int ATTRIBUTE_UNUSED junk) //{ // exit(EXIT_FAILURE); @@ -37,7 +21,6 @@ int sulogin_main(int argc, char **argv) char *cp; int timeout = 0; char *timeout_arg; - const char *p; struct passwd *pwd; const char *shell; #if ENABLE_FEATURE_SHADOWPASSWDS @@ -66,12 +49,8 @@ int sulogin_main(int argc, char **argv) bb_error_msg_and_die("not a tty"); } - /* Clear out anything dangerous from the environment */ - p = forbid; - do { - unsetenv(p); - p += strlen(p) + 1; - } while (*p); + /* Clear dangerous stuff, set PATH */ + sanitize_env_for_suid(); // bb_askpass() already handles this // signal(SIGALRM, catchalarm); |