diff options
| author | Denis Vlasenko <vda.linux@googlemail.com> | 2007-11-06 05:26:51 +0000 |
|---|---|---|
| committer | Denis Vlasenko <vda.linux@googlemail.com> | 2007-11-06 05:26:51 +0000 |
| commit | 52816302299854ba1644fce98b5d19db526e6c29 (patch) | |
| tree | 7ddd6080d6a9fca759227b184dcc445d5376a075 /libbb | |
| parent | 6bef3d1d2216234454875052220ca0f477a820b4 (diff) | |
| download | busybox-w32-52816302299854ba1644fce98b5d19db526e6c29.tar.gz busybox-w32-52816302299854ba1644fce98b5d19db526e6c29.tar.bz2 busybox-w32-52816302299854ba1644fce98b5d19db526e6c29.zip | |
login: clear dangerous environment variables if started by non-root
Diffstat (limited to 'libbb')
| -rw-r--r-- | libbb/login.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/libbb/login.c b/libbb/login.c index 308e1bfed..1af3165b9 100644 --- a/libbb/login.c +++ b/libbb/login.c | |||
| @@ -99,3 +99,29 @@ void print_login_prompt(void) | |||
| 99 | fputs(LOGIN, stdout); | 99 | fputs(LOGIN, stdout); |
| 100 | fflush(stdout); | 100 | fflush(stdout); |
| 101 | } | 101 | } |
| 102 | |||
| 103 | /* Clear dangerous stuff, set PATH */ | ||
| 104 | static const char forbid[] ALIGN1 = | ||
| 105 | "ENV" "\0" | ||
| 106 | "BASH_ENV" "\0" | ||
| 107 | "HOME" "\0" | ||
| 108 | "IFS" "\0" | ||
| 109 | "SHELL" "\0" | ||
| 110 | "LD_LIBRARY_PATH" "\0" | ||
| 111 | "LD_PRELOAD" "\0" | ||
| 112 | "LD_TRACE_LOADED_OBJECTS" "\0" | ||
| 113 | "LD_BIND_NOW" "\0" | ||
| 114 | "LD_AOUT_LIBRARY_PATH" "\0" | ||
| 115 | "LD_AOUT_PRELOAD" "\0" | ||
| 116 | "LD_NOWARN" "\0" | ||
| 117 | "LD_KEEPDIR" "\0"; | ||
| 118 | |||
| 119 | void sanitize_env_for_suid(void) | ||
| 120 | { | ||
| 121 | const char *p = forbid; | ||
| 122 | do { | ||
| 123 | unsetenv(p); | ||
| 124 | p += strlen(p) + 1; | ||
| 125 | } while (*p); | ||
| 126 | putenv((char*)bb_PATH_root_path); | ||
| 127 | } | ||