packages: libgnomesu/libgnomesu-safe-path.patch (NEW) - merged from OpenSUS...
hawk
hawk at pld-linux.org
Thu Nov 25 10:41:23 CET 2010
Author: hawk Date: Thu Nov 25 09:41:23 2010 GMT
Module: packages Tag: HEAD
---- Log message:
- merged from OpenSUSE: when making $PATH safer, try to keep what's
relevant from $PATH
---- Files affected:
packages/libgnomesu:
libgnomesu-safe-path.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/libgnomesu/libgnomesu-safe-path.patch
diff -u /dev/null packages/libgnomesu/libgnomesu-safe-path.patch:1.1
--- /dev/null Thu Nov 25 10:41:23 2010
+++ packages/libgnomesu/libgnomesu-safe-path.patch Thu Nov 25 10:41:17 2010
@@ -0,0 +1,44 @@
+Index: libgnomesu-1.0.0/su-backend/common.c
+===================================================================
+--- libgnomesu-1.0.0.orig/su-backend/common.c
++++ libgnomesu-1.0.0/su-backend/common.c
+@@ -170,10 +170,35 @@ modify_environment (const struct passwd
+ || (strlen (path) > 2 && strcmp (path + strlen (path) - 2, ":.") == 0)
+ || strcmp (path, ".") == 0))
+ {
+- /* Reset PATH to a reasonably safe list of directories */
+- path = (pw->pw_uid) ? DEFAULT_LOGIN_PATH : DEFAULT_ROOT_LOGIN_PATH;
+- setenv ("PATH", path, 1);
+- } else if (!path)
++ char **paths;
++ char **new_paths;
++ int path_len;
++ int i, j;
++
++ paths = g_strsplit (path, ":", -1);
++ path_len = g_strv_length (paths);
++ new_paths = g_new0 (char *, path_len);
++
++ j = 0;
++ for (i = 0; i < path_len; i++) {
++ if (paths[i] && !strchr(paths[i], '.')) {
++ new_paths[j++] = g_strdup (paths[i]);
++ }
++ }
++
++ g_strfreev (paths);
++ if (j != 0) {
++ char *new_path;
++ new_path = g_strjoinv (":", new_paths);
++ setenv ("PATH", new_path, 1);
++ g_free (new_path);
++ } else {
++ /* make sure we set PATH to something below */
++ path = NULL;
++ }
++ }
++
++ if (!path)
+ xputenv (concat ("PATH", "=",
+ (pw->pw_uid) ? DEFAULT_LOGIN_PATH : DEFAULT_ROOT_LOGIN_PATH));
+
================================================================
More information about the pld-cvs-commit
mailing list