== OPTIONS
*-p*::
-Used by *getty*(8) to tell *login* to preserve the environment.
+Used by *getty*(8) to tell *login* to preserve the environment. See also *LOGIN_ENV_SAFELIST* config file item.
*-f*::
Used to skip a login authentication. This option is usually used by the *getty*(8) autologin feature.
Forces *login* to stop display content specified by *MOTD_FILE* after the first accessible item in the list. Note that a directory is one item in this case. This option allows *login* semantics to be configured to be more compatible with pam_motd. The default value is _no_.
+*LOGIN_ENV_SAFELIST* (string)::
+
+Forces *login* to protect the specified environment variables if *-p* is not used. The string value is a comma-separated list of variable names. For example: "LANG,LC_MESSAGES,LC_COLLATE". The safelist is ignored for the environment variables HOME, SHELL and USER.
+
*LOGIN_PLAIN_PROMPT* (boolean)::
Tell *login* that printing the hostname should be suppressed in the login: prompt. This is an alternative to the *-H* command line option. The default value is _no_.
static void init_environ(struct login_context *cxt)
{
struct passwd *pwd = cxt->pwd;
- char *termenv, **env;
+ struct ul_env_list *saved;
+ char **env;
char tmp[PATH_MAX];
int len, i;
- termenv = getenv("TERM");
- if (termenv)
- termenv = xstrdup(termenv);
+ saved = env_list_add_getenv(NULL, "TERM", "dumb");
/* destroy environment unless user has requested preservation (-p) */
- if (!cxt->keep_env)
+ if (!cxt->keep_env) {
+ const char *str = getlogindefs_str("LOGIN_ENV_SAFELIST", NULL);
+
+ saved = env_list_add_getenvs(saved, str);
environ = xcalloc(1, sizeof(char *));
+ }
+
+ if (env_list_setenv(saved, 1) != 0)
+ err(EXIT_FAILURE, _("failed to set the environment variables"));
+
+ env_list_free(saved);
xsetenv("HOME", pwd->pw_dir, 0); /* legal to override */
xsetenv("USER", pwd->pw_name, 1);
xsetenv("SHELL", pwd->pw_shell, 1);
- xsetenv("TERM", termenv ? termenv : "dumb", 1);
- free(termenv);
if (pwd->pw_uid) {
if (logindefs_setenv("PATH", "ENV_PATH", _PATH_DEFPATH) != 0)
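Review bot: `xsetenv("HOME", pwd->pw_dir, 0)` runs after `env_list_setenv(saved, 1)` and does not overwrite, so a HOME listed in LOGIN_ENV_SAFELIST would keep the value inherited from the pre-authentication environment even without -p. That contradicts the man page text added in this commit, which says the safelist is ignored for HOME, SHELL and USER; it holds for USER and SHELL (overwrite flag 1) but for HOME only if `env_list_add_getenvs()` filters the name, which is not visible here. If it does not, making the overwrite depend on -p would match the documentation: `xsetenv("HOME", pwd->pw_dir, cxt->keep_env ? 0 : 1);	/* only -p may override */`. A comment above the safelist lookup would also help, for example `/* safelisted values come from the caller's environment; HOME, USER, SHELL (and PATH below) must still be set from passwd/login.defs */`, so later edits keep that ordering. The body of init_environ continues past the end of this hunk, so the handling of PATH and any later variables is not reviewed here.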