From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 27 Jul 2016 18:00:33 +0000 (+0200)
Subject: execute: don't set $SHELL and $HOME for services, if they don't contain interesting... 
X-Git-Tag: v232~337^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=70493828032abc74e5134563a915c4a3ccdde7f2;p=thirdparty%2Fsystemd.git

execute: don't set $SHELL and $HOME for services, if they don't contain interesting data
---

diff --git a/src/core/execute.c b/src/core/execute.c
index 0bf80fc437c..77a75245cb4 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1724,6 +1724,17 @@ static int exec_child(
                                 *exit_status = EXIT_USER;
                                 return r;
                         }
+
+                        /* Don't set $HOME or $SHELL if they are are not particularly enlightening anyway. */
+                        if (isempty(home) || path_equal(home, "/"))
+                                home = NULL;
+
+                        if (isempty(shell) || PATH_IN_SET(shell,
+                                                          "/bin/nologin",
+                                                          "/sbin/nologin",
+                                                          "/usr/bin/nologin",
+                                                          "/usr/sbin/nologin"))
+                                shell = NULL;
                 }
 
                 if (context->group) {