| 1 |
--- abrt-2.0.7/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c.orig 2011-11-16 07:25:01.000000000 -0500 |
| 2 |
+++ abrt-2.0.7/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c 2013-02-01 17:31:58.890739661 -0500 |
| 3 |
@@ -62,13 +62,12 @@ |
| 4 |
setreuid(u, u); |
| 5 |
/* We are suid'ed! */ |
| 6 |
/* Prevent malicious user from messing up with suid'ed process: */ |
| 7 |
- /* Set safe PATH */ |
| 8 |
-// TODO: honor configure --prefix here by adding it to PATH |
| 9 |
-// (otherwise abrt-action-install-debuginfo would fail to spawn abrt-action-trim-files): |
| 10 |
- if (u == 0) |
| 11 |
- putenv((char*) "PATH=/usr/sbin:/sbin:/usr/bin:/bin"); |
| 12 |
- else |
| 13 |
- putenv((char*) "PATH=/usr/bin:/bin"); |
| 14 |
+#if 1 |
| 15 |
+// We forgot to sanitize PYTHONPATH. And who knows what else we forgot |
| 16 |
+// (especially considering *future* new variables of this kind). |
| 17 |
+// We switched to clearing entire environment instead: |
| 18 |
+ clearenv(); |
| 19 |
+#else |
| 20 |
/* Clear dangerous stuff from env */ |
| 21 |
static const char forbid[] = |
| 22 |
"LD_LIBRARY_PATH" "\0" |
| 23 |
@@ -85,6 +84,14 @@ |
| 24 |
unsetenv(p); |
| 25 |
p += strlen(p) + 1; |
| 26 |
} while (*p); |
| 27 |
+#endif |
| 28 |
+ /* Set safe PATH */ |
| 29 |
+// TODO: honor configure --prefix here by adding it to PATH |
| 30 |
+// (otherwise abrt-action-install-debuginfo would fail to spawn abrt-action-trim-files): |
| 31 |
+ if (u == 0) |
| 32 |
+ putenv((char*) "PATH=/usr/sbin:/sbin:/usr/bin:/bin"); |
| 33 |
+ else |
| 34 |
+ putenv((char*) "PATH=/usr/bin:/bin"); |
| 35 |
} |
| 36 |
|
| 37 |
execvp(EXECUTABLE, argv); |
Parent Directory
| 
Revision Log