From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 15 Oct 2020 08:54:48 +0000 (+0200)
Subject: pager: lets check SYSTEMD_PAGERSECURE with secure_getenv()
X-Git-Tag: v247-rc1~67^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b8f736b30e20a2b44e7c34bb4e43b0d97ae77e3c;p=thirdparty%2Fsystemd.git

pager: lets check SYSTEMD_PAGERSECURE with secure_getenv()

I can't think of any real vulnerability about this, but it still feels
better to check a variable with "secure" in its name with
secure_getenv() rather than plain getenv().

Paranoia FTW!
---

diff --git a/src/shared/pager.c b/src/shared/pager.c
index 9a14d44d696..9af7009b3f3 100644
--- a/src/shared/pager.c
+++ b/src/shared/pager.c
@@ -171,7 +171,7 @@ int pager_open(PagerFlags flags) {
                  * pager. If they didn't, use secure mode when under euid is changed. If $SYSTEMD_PAGERSECURE
                  * wasn't explicitly set, and we autodetect the need for secure mode, only use the pager we
                  * know to be good. */
-                int use_secure_mode = getenv_bool("SYSTEMD_PAGERSECURE");
+                int use_secure_mode = getenv_bool_secure("SYSTEMD_PAGERSECURE");
                 bool trust_pager = use_secure_mode >= 0;
                 if (use_secure_mode == -ENXIO) {
                         uid_t uid;