From: Karel Zak Date: Wed, 28 Aug 2024 10:10:50 +0000 (+0200) Subject: login: add LOGIN_ENV_SAFELIST /etc/login.def item X-Git-Tag: v2.42-start~214^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=579075976769ffc772012f82b1d2678f403ddb9a;p=thirdparty%2Futil-linux.git login: add LOGIN_ENV_SAFELIST /etc/login.def item It is possible to preserve the entire environment (-p), but it is rarely a good idea. The new configuration file item allows for specifying a list of variables to protect, such as locale-related environment variables. Addresses: https://github.com/util-linux/util-linux/pull/3159 Signed-off-by: Karel Zak --- diff --git a/login-utils/login.1.adoc b/login-utils/login.1.adoc index 7a7b82d2d..c31ec6269 100644 --- a/login-utils/login.1.adoc +++ b/login-utils/login.1.adoc @@ -39,7 +39,7 @@ If the file _.hushlogin_ exists, then a "quiet" login is performed. This disable == OPTIONS *-p*:: -Used by *getty*(8) to tell *login* to preserve the environment. +Used by *getty*(8) to tell *login* to preserve the environment. See also *LOGIN_ENV_SAFELIST* config file item. *-f*:: Used to skip a login authentication. This option is usually used by the *getty*(8) autologin feature. @@ -71,6 +71,10 @@ Note that *login* does not implement any filenames overriding behavior like pam_ Forces *login* to stop display content specified by *MOTD_FILE* after the first accessible item in the list. Note that a directory is one item in this case. This option allows *login* semantics to be configured to be more compatible with pam_motd. The default value is _no_. +*LOGIN_ENV_SAFELIST* (string):: + +Forces *login* to protect the specified environment variables if *-p* is not used. The string value is a comma-separated list of variable names. For example: "LANG,LC_MESSAGES,LC_COLLATE". The safelist is ignored for the environment variables HOME, SHELL and USER. + *LOGIN_PLAIN_PROMPT* (boolean):: Tell *login* that printing the hostname should be suppressed in the login: prompt. This is an alternative to the *-H* command line option. The default value is _no_. diff --git a/login-utils/login.c b/login-utils/login.c index c3fb1b258..a31292772 100644 --- a/login-utils/login.c +++ b/login-utils/login.c @@ -1188,23 +1188,29 @@ static void fork_session(struct login_context *cxt) static void init_environ(struct login_context *cxt) { struct passwd *pwd = cxt->pwd; - char *termenv, **env; + struct ul_env_list *saved; + char **env; char tmp[PATH_MAX]; int len, i; - termenv = getenv("TERM"); - if (termenv) - termenv = xstrdup(termenv); + saved = env_list_add_getenv(NULL, "TERM", "dumb"); /* destroy environment unless user has requested preservation (-p) */ - if (!cxt->keep_env) + if (!cxt->keep_env) { + const char *str = getlogindefs_str("LOGIN_ENV_SAFELIST", NULL); + + saved = env_list_add_getenvs(saved, str); environ = xcalloc(1, sizeof(char *)); + } + + if (env_list_setenv(saved, 1) != 0) + err(EXIT_FAILURE, _("failed to set the environment variables")); + + env_list_free(saved); xsetenv("HOME", pwd->pw_dir, 0); /* legal to override */ xsetenv("USER", pwd->pw_name, 1); xsetenv("SHELL", pwd->pw_shell, 1); - xsetenv("TERM", termenv ? termenv : "dumb", 1); - free(termenv); if (pwd->pw_uid) { if (logindefs_setenv("PATH", "ENV_PATH", _PATH_DEFPATH) != 0)