* libmisc/env.c: Fix sanitize_env() noslash support. This fixes
Alioth#311740. Thanks to Jason Cassell.
This commit is contained in:
parent
291b28ac52
commit
5ba95d4c53
@ -1,10 +1,15 @@
|
|||||||
|
2009-01-24 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
|
* libmisc/env.c: Fix sanitize_env() noslash support. This fixes
|
||||||
|
Alioth#311740.
|
||||||
|
|
||||||
2009-01-24 Nicolas François <nicolas.francois@centraliens.net>
|
2009-01-24 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
* src/su.c: Do not sanitize the environment. This breaks
|
* src/su.c: Do not sanitize the environment. This breaks
|
||||||
--preserve-environment. This sanitation was disabled on Debian
|
--preserve-environment. This sanitation was disabled on Debian
|
||||||
since quite some time with no reported issues, and sanitize_env()
|
since quite some time with no reported issues, and sanitize_env()
|
||||||
documentation agrees that it should be useless as all modern
|
documentation agrees that it should be useless as all modern
|
||||||
Unixes will handle setuid executables properly. This Fixes
|
Unixes will handle setuid executables properly. This fixes
|
||||||
Alioth#312287.
|
Alioth#312287.
|
||||||
|
|
||||||
2009-01-24 Nicolas François <nicolas.francois@centraliens.net>
|
2009-01-24 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
@ -251,7 +251,7 @@ void sanitize_env (void)
|
|||||||
if (strncmp (*cur, *bad, strlen (*bad)) != 0) {
|
if (strncmp (*cur, *bad, strlen (*bad)) != 0) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (strchr (*cur, '/') != NULL) {
|
if (strchr (*cur, '/') == NULL) {
|
||||||
continue; /* OK */
|
continue; /* OK */
|
||||||
}
|
}
|
||||||
for (move = cur; NULL != *move; move++) {
|
for (move = cur; NULL != *move; move++) {
|
||||||
|
Loading…
Reference in New Issue
Block a user