execute: don't set $SHELL and $HOME for services, if they don't contain interesting data

2016-07-27 20:00:33 +02:00 · 2016-07-27 20:00:33 +02:00 · 7049382803
parent 6af760f3b2
commit 7049382803
1 changed files with 11 additions and 0 deletions
--- a/src/core/execute.c
+++ b/src/core/execute.c
@ -1724,6 +1724,17 @@ static int exec_child(
                                *exit_status = EXIT_USER;
                                return r;
                        }
+
+                        /* Don't set $HOME or $SHELL if they are are not particularly enlightening anyway. */
+                        if (isempty(home) || path_equal(home, "/"))
+                                home = NULL;
+
+                        if (isempty(shell) || PATH_IN_SET(shell,
+                                                          "/bin/nologin",
+                                                          "/sbin/nologin",
+                                                          "/usr/bin/nologin",
+                                                          "/usr/sbin/nologin"))
+                                shell = NULL;
                }

                if (context->group) {