From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 12 Mar 2019 14:52:06 +0000 (+0100)
Subject: user-util: extra paranoia, make sure $SHELL can't be fucked with in suid programs
X-Git-Tag: v242-rc1~155^2~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b2a3953f817d8db15393e30d1f46e4fa85fcf23a;p=thirdparty%2Fsystemd.git

user-util: extra paranoia, make sure $SHELL can't be fucked with in suid programs

It's better to be safe than sorry, let's not allow overriding of the
user shell in suid binaries. Similar for $USER.
---

diff --git a/src/basic/user-util.c b/src/basic/user-util.c
index 5f1bd5f5a20..a479590e479 100644
--- a/src/basic/user-util.c
+++ b/src/basic/user-util.c
@@ -80,7 +80,7 @@ char* getlogname_malloc(void) {
 char *getusername_malloc(void) {
         const char *e;
 
-        e = getenv("USER");
+        e = secure_getenv("USER");
         if (e)
                 return strdup(e);
 
@@ -514,7 +514,7 @@ int get_shell(char **_s) {
         assert(_s);
 
         /* Take the user specified one */
-        e = getenv("SHELL");
+        e = secure_getenv("SHELL");
         if (e && path_is_valid(e) && path_is_absolute(e)) {
                 s = strdup(e);
                 if (!s)