From 4886d0dd6c77d029209cc09a9e15a89ffb23b9fc Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 17 Feb 2021 19:03:00 +0100
Subject: Sanitize environment when spawning children.

Set $HOME, $USER, $SHELL, $PATH, $LOGNAME to appropriate values (and
perserve $TERM), which matches the login(1) behavior.
---
 lacme | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'lacme')

diff --git a/lacme b/lacme
index f0beac1..a5ba9f4 100755
--- a/lacme
+++ b/lacme
@@ -234,6 +234,13 @@ sub drop_privileges($$$) {
         die "Couldn't setuid/seteuid" unless $< == $uid and $> == $uid; # safety check
     }
 
+    # sanitize environment
+    my $term = $ENV{TERM};
+    my @ent = getpwuid($>) or die "getpwuid($>): $!";
+    %ENV = ( USER => $ent[0], LOGNAME => $ent[0], HOME => $ent[7], SHELL => $ent[8] );
+    $ENV{PATH} = $> == 0 ? "/usr/sbin:/usr/bin:/sbin:/bin" : "/usr/bin:/bin";
+    $ENV{TERM} = $term if defined $term; # preserve $TERM
+
     chdir $dir or die "chdir($dir): $!";
 }
 
-- 
cgit v1.2.3