-rw-r--r-- | Changelog | 2 | ||||
-rwxr-xr-x | lacme | 7 |
2 files changed, 9 insertions, 0 deletions
@@ -28,6 +28,8 @@ lacme (0.7.1) upstream; useful for OCSP Must-Staple. + client: use "lacme-client/$VERSION" as User-Agent header. + Consolidate error messages for consistency. + + Sanitize environment when spawning the lacme client, webserver and + accountd. - lacme: delay webserver socket shutdown to after the process has terminated. - documentation: suggest to generate private key material with @@ -234,6 +234,13 @@ sub drop_privileges($$$) { die "Couldn't setuid/seteuid" unless $< == $uid and $> == $uid; # safety check } + # sanitize environment + my $term = $ENV{TERM}; + my @ent = getpwuid($>) or die "getpwuid($>): $!"; + %ENV = ( USER => $ent[0], LOGNAME => $ent[0], HOME => $ent[7], SHELL => $ent[8] ); + $ENV{PATH} = $> == 0 ? "/usr/sbin:/usr/bin:/sbin:/bin" : "/usr/bin:/bin"; + $ENV{TERM} = $term if defined $term; # preserve $TERM + chdir $dir or die "chdir($dir): $!"; } |
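Review bot: In the lacme hunk, the preserved `TERM` is the only entry in the rebuilt `%ENV` that still comes verbatim from the invoking environment, and it reaches the spawned client, webserver and accountd unvalidated. Restricting it to a plain terminal-name shape would keep the allow-list closed, e.g. `$ENV{TERM} = $term if defined $term and $term =~ /\A[A-Za-z0-9._+-]+\z/;`. Separately, `getpwuid($>)` may return an empty list without setting `$!` when the effective uid has no passwd entry, so the `die` text can carry a stale or empty error string; a fixed message for that case would be clearer. A one-line comment above `%ENV = (...)` saying that all other variables (locale, proxy settings and so on) are dropped on purpose would help the next reader. The change appears to sit inside `drop_privileges`, whose beginning is outside the hunk.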