slocal: Don't remove $PATH from env. Now execvp() searches as expected.

Stripping the environment may rather keep the user from doing sensible
things than it increases the security. Maybe we shouldn't strip it at all.

diff --git a/uip/slocal.c b/uip/slocal.c
index b619952..7f27226 100644 (file)
--- a/uip/slocal.c
+++ b/uip/slocal.c
@@ -1108,6 +1108,7 @@ usr_pipe(int fd, char *cmd, char *pgm, char **vec, int suppress)
        pid_t child_id;
        int bytes, seconds, status;
        struct stat st;
+       char *path;
 
        if (verbose && !suppress) {
                verbose_printf("delivering to pipe \"%s\"", cmd);
@@ -1144,10 +1145,12 @@ usr_pipe(int fd, char *cmd, char *pgm, char **vec, int suppress)
                /* put in own process group */
                setpgid((pid_t) 0, getpid());
 
+               path = getenv("PATH");
                *environ = NULL;
                m_putenv("USER", pw->pw_name);
                m_putenv("HOME", pw->pw_dir);
                m_putenv("SHELL", pw->pw_shell);
+               m_putenv("PATH", path);
 
                execvp(pgm, vec);
                _exit(-1);