| field | value | date |
|---|---|---|
| author | Guilhem Moulin <guilhem@fripost.org> | 2021-02-17 19:03:00 +0100 |
| committer | Guilhem Moulin <guilhem@fripost.org> | 2021-02-18 00:42:32 +0100 |
| commit | 4886d0dd6c77d029209cc09a9e15a89ffb23b9fc (patch) | |
| tree | 8a5e41287c800edab5656b9915264aa8bb67c220 | |
| parent | 3a5c3f0596398d64bb34498f40becbcd32ffa5de (diff) | |
Sanitize environment when spawning children.
Set $HOME, $USER, $SHELL, $PATH, $LOGNAME to appropriate values (and
preserve $TERM), which matches the login(1) behavior.
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | Changelog | 2 |
| -rwxr-xr-x | lacme | 7 |

2 files changed, 9 insertions, 0 deletions
| @@ -28,6 +28,8 @@ lacme (0.7.1) upstream;     useful for OCSP Must-Staple.   + client: use "lacme-client/$VERSION" as User-Agent header.   + Consolidate error messages for consistency. + + Sanitize environment when spawning the lacme client, webserver and +   accountd.   - lacme: delay webserver socket shutdown to after the process has     terminated.   - documentation: suggest to generate private key material with @@ -234,6 +234,13 @@ sub drop_privileges($$$) {          die "Couldn't setuid/seteuid" unless $< == $uid and $> == $uid; # safety check      } +    # sanitize environment +    my $term = $ENV{TERM}; +    my @ent = getpwuid($>) or die "getpwuid($>): $!"; +    %ENV = ( USER => $ent[0], LOGNAME => $ent[0], HOME => $ent[7], SHELL => $ent[8] ); +    $ENV{PATH} = $> == 0 ? "/usr/sbin:/usr/bin:/sbin:/bin" : "/usr/bin:/bin"; +    $ENV{TERM} = $term if defined $term; # preserve $TERM +      chdir $dir or die "chdir($dir): $!";  } | 
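Review bot: in the `drop_privileges` hunk of `lacme`, the value of `$TERM` is copied from the caller's environment back into the sanitized `%ENV` without any validation, and `SHELL => $ent[8]` is taken verbatim from the passwd entry, so a user whose shell field is empty ends up with `SHELL=` (an empty string) rather than the `/bin/sh` default that login(1) would apply. Consider restricting `$TERM` to the characters a terminal name can legitimately contain before re-exporting it, and falling back to `/bin/sh` when `$ent[8]` is empty, e.g. `SHELL => ($ent[8] ne "" ? $ent[8] : "/bin/sh")`. Since the `%ENV = (...)` assignment also discards every other variable (`LANG`, `LC_*`, `TZ`, proxy settings), the new behaviour is worth a sentence in the documentation alongside the Changelog entry, so operators know which variables the client, webserver and accountd will no longer inherit.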
