Stripping the environment may rather keep the user from doing sensible
things than it increases the security. Maybe we shouldn't strip it at all.
pid_t child_id;
int bytes, seconds, status;
struct stat st;
pid_t child_id;
int bytes, seconds, status;
struct stat st;
if (verbose && !suppress) {
verbose_printf("delivering to pipe \"%s\"", cmd);
if (verbose && !suppress) {
verbose_printf("delivering to pipe \"%s\"", cmd);
/* put in own process group */
setpgid((pid_t) 0, getpid());
/* put in own process group */
setpgid((pid_t) 0, getpid());
*environ = NULL;
m_putenv("USER", pw->pw_name);
m_putenv("HOME", pw->pw_dir);
m_putenv("SHELL", pw->pw_shell);
*environ = NULL;
m_putenv("USER", pw->pw_name);
m_putenv("HOME", pw->pw_dir);
m_putenv("SHELL", pw->pw_shell);
+ m_putenv("PATH", path);
execvp(pgm, vec);
_exit(-1);
execvp(pgm, vec);
_exit(-1);