user-util: extra paranoia, make sure $SHELL can't be fucked with in suid programs
It's better to be safe than sorry, let's not allow overriding of the user shell in suid binaries. Similar for $USER.
This commit is contained in:
parent
9e73208afc
commit
b2a3953f81
|
@ -80,7 +80,7 @@ char* getlogname_malloc(void) {
|
|||
char *getusername_malloc(void) {
|
||||
const char *e;
|
||||
|
||||
e = getenv("USER");
|
||||
e = secure_getenv("USER");
|
||||
if (e)
|
||||
return strdup(e);
|
||||
|
||||
|
@ -514,7 +514,7 @@ int get_shell(char **_s) {
|
|||
assert(_s);
|
||||
|
||||
/* Take the user specified one */
|
||||
e = getenv("SHELL");
|
||||
e = secure_getenv("SHELL");
|
||||
if (e && path_is_valid(e) && path_is_absolute(e)) {
|
||||
s = strdup(e);
|
||||
if (!s)
|
||||
|
|
Loading…
Reference in New Issue