From 81bb42426b1569e40f86cecdd208b5bdfda915f0 Mon Sep 17 00:00:00 2001
From: Karel Zak
Date: Wed, 7 May 2025 11:35:05 +0200
Subject: [PATCH] su: protect COLORTERM and NO_COLOR env. variables

Fixes: https://github.com/util-linux/util-linux/issues/3463
Signed-off-by: Karel Zak
---
 login-utils/runuser.1.adoc | 2 +-
 login-utils/su-common.c | 4 +++-
 login-utils/su.1.adoc | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/login-utils/runuser.1.adoc b/login-utils/runuser.1.adoc
index df9e122a9..8402bfeac 100644
--- a/login-utils/runuser.1.adoc
+++ b/login-utils/runuser.1.adoc
@@ -47,7 +47,7 @@ Specify a supplementary group. This option is available to the root user only. T
 *-*, *-l*, *--login*::
 Start the shell as a login shell with an environment similar to a real login:
 +
-* clears all the environment variables except for *TERM* and variables specified by *--whitelist-environment*
+* clears all the environment variables except for *TERM*, *COLORTERM*, *NO_COLOR* and variables specified by *--whitelist-environment*
 * initializes the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME*, and *PATH*
 * changes to the target user's home directory
 * sets argv[0] of the shell to '*-*' in order to make the shell a login shell
diff --git a/login-utils/su-common.c b/login-utils/su-common.c
index cf10caa6f..08ac5a518 100644
--- a/login-utils/su-common.c
+++ b/login-utils/su-common.c
@@ -704,8 +704,10 @@ static void modify_environment(struct su_context *su, const char *shell)
 * --whitelist-environment if specified.
 */
 if (su->simulate_login) {
- /* leave TERM unchanged */
+ /* leave unchanged */
 su->env_whitelist = env_list_add_getenv(su->env_whitelist, "TERM", NULL);
+ su->env_whitelist = env_list_add_getenv(su->env_whitelist, "COLORTERM", NULL);
+ su->env_whitelist = env_list_add_getenv(su->env_whitelist, "NO_COLOR", NULL);
 
 /* Note that original su(1) has allocated environ[] by malloc
 * to the number of expected variables. This seems unnecessary
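Review bot: The rewritten comment `/* leave unchanged */` above the three `env_list_add_getenv()` calls no longer names what is preserved, and nothing in the hunk records that this list is what crosses from the caller's environment into the `--login` session. Consider `/* pass TERM, COLORTERM and NO_COLOR through from the caller; the values are caller-chosen and not validated here */`, so that anyone extending the list weighs each new name as input to programs running as the target user. From the visible lines the values appear to be copied as-is (the `NULL` third argument is presumably a fallback value; confirm against `env_list_add_getenv`). The body of `modify_environment` starts and ends outside the hunk.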
diff --git a/login-utils/su.1.adoc b/login-utils/su.1.adoc
index 596fceb66..72abfdcc8 100644
--- a/login-utils/su.1.adoc
+++ b/login-utils/su.1.adoc
@@ -55,7 +55,7 @@ PAM) from this point of view. You need to use tools like *systemd-run* or
 +
 *su* does:
 +
-* clears all the environment variables except *TERM* and variables specified by *--whitelist-environment*
+* clears all the environment variables except *TERM*, *COLORTERM*, *NO_COLOR* and variables specified by *--whitelist-environment*
 * initializes the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME*, and *PATH*
 * changes to the target user's home directory
 * sets argv[0] of the shell to '*-*' in order to make the shell a login shell
-- 
2.47.2