1 |
--- abrt-2.0.7/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c.orig 2011-11-16 07:25:01.000000000 -0500 |
2 |
+++ abrt-2.0.7/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c 2013-02-01 17:31:58.890739661 -0500 |
3 |
@@ -62,13 +62,12 @@ |
4 |
setreuid(u, u); |
5 |
/* We are suid'ed! */ |
6 |
/* Prevent malicious user from messing up with suid'ed process: */ |
7 |
- /* Set safe PATH */ |
8 |
-// TODO: honor configure --prefix here by adding it to PATH |
9 |
-// (otherwise abrt-action-install-debuginfo would fail to spawn abrt-action-trim-files): |
10 |
- if (u == 0) |
11 |
- putenv((char*) "PATH=/usr/sbin:/sbin:/usr/bin:/bin"); |
12 |
- else |
13 |
- putenv((char*) "PATH=/usr/bin:/bin"); |
14 |
+#if 1 |
15 |
+// We forgot to sanitize PYTHONPATH. And who knows what else we forgot |
16 |
+// (especially considering *future* new variables of this kind). |
17 |
+// We switched to clearing entire environment instead: |
18 |
+ clearenv(); |
19 |
+#else |
20 |
/* Clear dangerous stuff from env */ |
21 |
static const char forbid[] = |
22 |
"LD_LIBRARY_PATH" "\0" |
23 |
@@ -85,6 +84,14 @@ |
24 |
unsetenv(p); |
25 |
p += strlen(p) + 1; |
26 |
} while (*p); |
27 |
+#endif |
28 |
+ /* Set safe PATH */ |
29 |
+// TODO: honor configure --prefix here by adding it to PATH |
30 |
+// (otherwise abrt-action-install-debuginfo would fail to spawn abrt-action-trim-files): |
31 |
+ if (u == 0) |
32 |
+ putenv((char*) "PATH=/usr/sbin:/sbin:/usr/bin:/bin"); |
33 |
+ else |
34 |
+ putenv((char*) "PATH=/usr/bin:/bin"); |
35 |
} |
36 |
|
37 |
execvp(EXECUTABLE, argv); |