From: Luca Boccassi Date: Fri, 15 May 2026 21:52:13 +0000 (+0100) Subject: Revert "shared/pager: add support for more(1) pager in secure mode" X-Git-Tag: v261-rc1~143 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c043b9018733382c49d3d40f7ca406c43e9ae9fc;p=thirdparty%2Fsystemd.git Revert "shared/pager: add support for more(1) pager in secure mode" --- diff --git a/README b/README index 30bb9ee5116..1cae26ba3a5 100644 --- a/README +++ b/README @@ -264,9 +264,9 @@ REQUIREMENTS: During runtime, you need the following additional dependencies: - util-linux >= v2.42 required (including but not limited to: mount, - umount, swapon, swapoff, sulogin, - agetty, fsck, more) + util-linux >= v2.27.1 required (including but not limited to: mount, + umount, swapon, swapoff, sulogin, + agetty, fsck) dbus >= 1.4.0 (strictly speaking optional, but recommended) NOTE: If using dbus < 1.9.18, you should override the default policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d). diff --git a/man/common-variables.xml b/man/common-variables.xml index 74463c23d60..0f807b2cde1 100644 --- a/man/common-variables.xml +++ b/man/common-variables.xml @@ -190,14 +190,11 @@ allowing untrusted users to execute commands with elevated privileges. This option takes a boolean argument. When set to true, the "secure mode" of the pager is - enabled. In "secure mode", and will be set - when invoking the pager, which instructs the pager to disable commands that open or create new files or - start new subprocesses. + enabled. In "secure mode", will be set when invoking the pager, which + instructs the pager to disable commands that open or create new files or start new subprocesses. Currently only less1 and - more1 are known - to understand these variables, respectively, and implement "secure mode". + project='man-pages'>less1 is known + to understand this variable and implement "secure mode". When set to false, no limitation is placed on the pager. Setting SYSTEMD_PAGERSECURE=0 or not removing it from the inherited environment may allow diff --git a/src/shared/pager.c b/src/shared/pager.c index 61718aeaa68..3c89aacab48 100644 --- a/src/shared/pager.c +++ b/src/shared/pager.c @@ -206,13 +206,6 @@ void pager_open(PagerFlags flags) { _exit(EXIT_FAILURE); } - /* Some pager implementations support the PAGERSECURE environment variable, e.g. more(1) */ - r = set_unset_env("PAGERSECURE", use_secure_mode ? "1" : NULL, true); - if (r < 0) { - log_error_errno(r, "Failed to adjust environment variable PAGERSECURE: %m"); - _exit(EXIT_FAILURE); - } - if (trust_pager && pager_args) { /* The pager config might be set globally, and we cannot * know if the user adjusted it to be appropriate for the * secure mode. Thus, start the pager specified through @@ -235,8 +228,8 @@ void pager_open(PagerFlags flags) { static const char* pagers[] = { "pager", "less", "more", "(built-in)" }; for (unsigned i = 0; i < ELEMENTSOF(pagers); i++) { - /* Only less, more (and our trivial fallback) implement secure mode right now. */ - if (use_secure_mode && !STR_IN_SET(pagers[i], "less", "more", "(built-in)")) + /* Only less (and our trivial fallback) implement secure mode right now. */ + if (use_secure_mode && !STR_IN_SET(pagers[i], "less", "(built-in)")) continue; r = loop_write(exe_name_pipe[1], pagers[i], strlen(pagers[i]) + 1);