From: Guido van Rossum <guido@python.org>
Date: Tue, 11 Mar 1997 18:24:21 +0000 (+0000)
Subject: Zap all env vars beginning with PYTHON to prevent an obvious form of attack.
X-Git-Tag: v1.5a1~297
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=80eb3c02027b435ef1f0eaaa1406b43dd6eebaeb;p=thirdparty%2FPython%2Fcpython.git

Zap all env vars beginning with PYTHON to prevent an obvious form of attack.
---

diff --git a/Misc/setuid-prog.c b/Misc/setuid-prog.c
index 6f25493cca9f..b49438a1c670 100644
--- a/Misc/setuid-prog.c
+++ b/Misc/setuid-prog.c
@@ -105,6 +105,8 @@ clean_environ(void)
 			**p = 'X';
 		else if (strncmp(*p, "_RLD", 4) == 0)
 			**p = 'X';
+		else if (strncmp(*p, "PYTHON", 6) == 0)
+			**p = 'X';
 		else if (strncmp(*p, "IFS=", 4) == 0)
 			*p = def_IFS;
 		else if (strncmp(*p, "CDPATH=", 7) == 0)