emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

* libmisc/env.c: Fix sanitize_env() noslash support. This fixes

Browse Source 
Alioth#311740. Thanks to Jason Cassell.
This commit is contained in:
nekral-guest 2010-01-24 17:23:42 +00:00
parent 291b28ac52
commit 5ba95d4c53
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog
View File

@ -1,10 +1,15 @@
2009-01-24 Nicolas François <nicolas.francois@centraliens.net>
* libmisc/env.c: Fix sanitize_env() noslash support. This fixes
Alioth#311740.
2009-01-24 Nicolas François <nicolas.francois@centraliens.net> 2009-01-24 Nicolas François <nicolas.francois@centraliens.net>
* src/su.c: Do not sanitize the environment. This breaks * src/su.c: Do not sanitize the environment. This breaks
--preserve-environment. This sanitation was disabled on Debian --preserve-environment. This sanitation was disabled on Debian
since quite some time with no reported issues, and sanitize_env() since quite some time with no reported issues, and sanitize_env()
documentation agrees that it should be useless as all modern documentation agrees that it should be useless as all modern
Unixes will handle setuid executables properly. This Fixes Unixes will handle setuid executables properly. This fixes
Alioth#312287. Alioth#312287.
2009-01-24 Nicolas François <nicolas.francois@centraliens.net> 2009-01-24 Nicolas François <nicolas.francois@centraliens.net>

2
libmisc/env.c
View File

@ -251,7 +251,7 @@ void sanitize_env (void)
if (strncmp (*cur, *bad, strlen (*bad)) != 0) { if (strncmp (*cur, *bad, strlen (*bad)) != 0) {
continue; continue;
} }
if (strchr (*cur, '/') != NULL) { if (strchr (*cur, '/') == NULL) {
continue; /* OK */ continue; /* OK */
} }
for (move = cur; NULL != *move; move++) { for (move = cur; NULL != *move; move++) {