From 4c0c2fb7766546cb466f05f76e5febd5d8f682e0 Mon Sep 17 00:00:00 2001 From: markus schnalke Date: Thu, 22 Mar 2012 08:49:57 +0100 Subject: [PATCH] slocal: Don't remove $PATH from env. Now execvp() searches as expected. Stripping the environment may rather keep the user from doing sensible things than it increases the security. Maybe we shouldn't strip it at all. --- uip/slocal.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/uip/slocal.c b/uip/slocal.c index b619952..7f27226 100644 --- a/uip/slocal.c +++ b/uip/slocal.c @@ -1108,6 +1108,7 @@ usr_pipe(int fd, char *cmd, char *pgm, char **vec, int suppress) pid_t child_id; int bytes, seconds, status; struct stat st; + char *path; if (verbose && !suppress) { verbose_printf("delivering to pipe \"%s\"", cmd); @@ -1144,10 +1145,12 @@ usr_pipe(int fd, char *cmd, char *pgm, char **vec, int suppress) /* put in own process group */ setpgid((pid_t) 0, getpid()); + path = getenv("PATH"); *environ = NULL; m_putenv("USER", pw->pw_name); m_putenv("HOME", pw->pw_dir); m_putenv("SHELL", pw->pw_shell); + m_putenv("PATH", path); execvp(pgm, vec); _exit(-1); -- 1.7.10.4