author | Denis Vlasenko | 2007-11-06 05:26:51 +0000 |
---|---|---|
committer | Denis Vlasenko | 2007-11-06 05:26:51 +0000 |
commit | 52816302299854ba1644fce98b5d19db526e6c29 (patch) | |
tree | 7ddd6080d6a9fca759227b184dcc445d5376a075 /libbb | |
parent | 6bef3d1d2216234454875052220ca0f477a820b4 (diff) | |
login: clear dangerous environment variables if started by non-root
Diffstat (limited to 'libbb')
-rw-r--r-- | libbb/login.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/libbb/login.c b/libbb/login.c
index 308e1bf..1af3165 100644
--- a/libbb/login.c
+++ b/libbb/login.c
@@ -99,3 +99,29 @@ void print_login_prompt(void)
 fputs(LOGIN, stdout);
 fflush(stdout);
 }
+
+/* Clear dangerous stuff, set PATH */
+static const char forbid[] ALIGN1 =
+ "ENV" "\0"
+ "BASH_ENV" "\0"
+ "HOME" "\0"
+ "IFS" "\0"
+ "SHELL" "\0"
+ "LD_LIBRARY_PATH" "\0"
+ "LD_PRELOAD" "\0"
+ "LD_TRACE_LOADED_OBJECTS" "\0"
+ "LD_BIND_NOW" "\0"
+ "LD_AOUT_LIBRARY_PATH" "\0"
+ "LD_AOUT_PRELOAD" "\0"
+ "LD_NOWARN" "\0"
+ "LD_KEEPDIR" "\0";
+
+void sanitize_env_for_suid(void)
+{
+ const char *p = forbid;
+ do {
+ unsetenv(p);
+ p += strlen(p) + 1;
+ } while (*p);
+ putenv((char*)bb_PATH_root_path);
+}
 |
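Review bot: The `forbid` table is a fixed denylist, so any variable it does not name passes through `sanitize_env_for_suid()` untouched; glibc's loader, for instance, also honours `LD_AUDIT` and `LD_DEBUG`, and neither is listed. An allowlist (keep only the few names login needs, such as `TERM`, and drop everything else) fails closed when a new loader or libc variable appears, whereas this list fails open. If the denylist stays, the comment above the table should say what it covers, e.g. `/* Denylist of names known to affect the shell or dynamic loader; not exhaustive */`, and the function itself should get its own comment stating that it also overwrites `PATH`. The return values of `unsetenv()` and `putenv()` are ignored, so a failed removal goes unnoticed. The non-root check mentioned in the commit title must live in a caller, which is outside this hunk.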