su: protect COLORTERM and NO_COLOR env. variables

author Karel Zak <kzak@redhat.com>

Wed, 7 May 2025 09:35:05 +0000 (11:35 +0200)

committer Karel Zak <kzak@redhat.com>

Wed, 7 May 2025 09:35:05 +0000 (11:35 +0200)
author Karel Zak <kzak@redhat.com>
Wed, 7 May 2025 09:35:05 +0000 (11:35 +0200)
committer Karel Zak <kzak@redhat.com>
Wed, 7 May 2025 09:35:05 +0000 (11:35 +0200)
diff --git a/login-utils/runuser.1.adoc b/login-utils/runuser.1.adoc

index df9e122a9e2e7b097c2c8cf6a5f7a1363037030b..8402bfeac47577d6e04db092cfb5621d26943aa9 100644 (file)
--- a/login-utils/runuser.1.adoc
+++ b/login-utils/runuser.1.adoc
@@ -47,7 +47,7 @@ Specify a supplementary group. This option is available to the root user only. T
  *-*, *-l*, *--login*::
  Start the shell as a login shell with an environment similar to a real login:
  +
-* clears all the environment variables except for *TERM* and variables specified by *--whitelist-environment*
+* clears all the environment variables except for *TERM*, *COLORTERM*, *NO_COLOR* and variables specified by *--whitelist-environment*
  * initializes the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME*, and *PATH*
  * changes to the target user's home directory
  * sets argv[0] of the shell to '*-*' in order to make the shell a login shell
diff --git a/login-utils/su-common.c b/login-utils/su-common.c

index cf10caa6f42bd2d21d7895fff7cc5a9eb3628a22..08ac5a518bb10b21f5964fba6bb443860f4fdc08 100644 (file)
--- a/login-utils/su-common.c
+++ b/login-utils/su-common.c
@@ -704,8 +704,10 @@ static void modify_environment(struct su_context *su, const char *shell)
          * --whitelist-environment if specified.
          */
         if (su->simulate_login) {
-               /* leave TERM unchanged */
+               /* leave unchanged */
                 su->env_whitelist = env_list_add_getenv(su->env_whitelist, "TERM", NULL);
+               su->env_whitelist = env_list_add_getenv(su->env_whitelist, "COLORTERM", NULL);
+               su->env_whitelist = env_list_add_getenv(su->env_whitelist, "NO_COLOR", NULL);
  
                 /* Note that original su(1) has allocated environ[] by malloc
                  * to the number of expected variables. This seems unnecessary
diff --git a/login-utils/su.1.adoc b/login-utils/su.1.adoc

index 596fceb668aa58b1341be62124c012df9d8c21ee..72abfdcc807c6d6751a6fcdaea69d391f23c5b28 100644 (file)
--- a/login-utils/su.1.adoc
+++ b/login-utils/su.1.adoc
@@ -55,7 +55,7 @@ PAM) from this point of view. You need to use tools like *systemd-run* or
  +
  *su* does:
  +
-* clears all the environment variables except *TERM* and variables specified by *--whitelist-environment*
+* clears all the environment variables except *TERM*, *COLORTERM*, *NO_COLOR* and variables specified by *--whitelist-environment*
  * initializes the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME*, and *PATH*
  * changes to the target user's home directory
  * sets argv[0] of the shell to '*-*' in order to make the shell a login shell
author	Karel Zak <kzak@redhat.com>
	Wed, 7 May 2025 09:35:05 +0000 (11:35 +0200)
committer	Karel Zak <kzak@redhat.com>
	Wed, 7 May 2025 09:35:05 +0000 (11:35 +0200)
login-utils/runuser.1.adoc		patch \| blob \| blame \| history
login-utils/su-common.c		patch \| blob \| blame \| history
login-utils/su.1.adoc		patch \| blob \| blame \| history