Don't allow LD_* env. variables to be tricked

Submitted by: Sam Hartman <hartmans@mit.edu>
This commit is contained in:
Andrey A. Chernov 1995-10-20 17:26:40 +00:00
parent b6369ff12e
commit 68942f23dd
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=11591

View File

@ -1555,6 +1555,8 @@ start_login(host, autologin, name)
fatal(net, "makeutx failed"); fatal(net, "makeutx failed");
#endif #endif
scrub_env();
/* /*
* -h : pass on name of host. * -h : pass on name of host.
* WARNING: -h is accepted by login if and only if * WARNING: -h is accepted by login if and only if
@ -1767,6 +1769,26 @@ addarg(argv, val)
} }
#endif /* NEWINIT */ #endif /* NEWINIT */
/*
* scrub_env()
*
* Remove a few things from the environment that
* don't need to be there.
*/
scrub_env()
{
register char **cpp, **cpp2;
for (cpp2 = cpp = environ; *cpp; cpp++) {
if (!strncmp(*cpp, "LD_", 3) &&
!strncmp(*cpp, "_RLD_", 5) &&
!strncmp(*cpp, "LIBPATH=", 8) &&
!strncmp(*cpp, "IFS=", 4))
*cpp2++ = *cpp;
}
*cpp2 = 0;
}
/* /*
* cleanup() * cleanup()
* *