slocal: Don't remove $PATH from env. Now execvp() searches as expected.
authormarkus schnalke <meillo@marmaro.de>
Thu, 22 Mar 2012 07:49:57 +0000 (08:49 +0100)
committermarkus schnalke <meillo@marmaro.de>
Thu, 22 Mar 2012 07:49:57 +0000 (08:49 +0100)
Stripping the environment may rather keep the user from doing sensible
things than it increases the security. Maybe we shouldn't strip it at all.

uip/slocal.c

index b619952..7f27226 100644 (file)
@@ -1108,6 +1108,7 @@ usr_pipe(int fd, char *cmd, char *pgm, char **vec, int suppress)
        pid_t child_id;
        int bytes, seconds, status;
        struct stat st;
+       char *path;
 
        if (verbose && !suppress) {
                verbose_printf("delivering to pipe \"%s\"", cmd);
@@ -1144,10 +1145,12 @@ usr_pipe(int fd, char *cmd, char *pgm, char **vec, int suppress)
                /* put in own process group */
                setpgid((pid_t) 0, getpid());
 
+               path = getenv("PATH");
                *environ = NULL;
                m_putenv("USER", pw->pw_name);
                m_putenv("HOME", pw->pw_dir);
                m_putenv("SHELL", pw->pw_shell);
+               m_putenv("PATH", path);
 
                execvp(pgm, vec);
                _exit(-1);