[hackers] [ubase][PATCH 4/4] su: don't set $PATH

From: neeshy <neeshy_AT_tfwno.gf>
Date: Mon, 12 Feb 2024 21:03:12 -0500

Just /bin is too restrictive, and login shells set the path anyway via
the default profile. Also, carrying the path over for non-login shells
conforms to the behavior of util-linux's su.

---
 config.def.h | 1 -
 su.c         | 5 -----
 2 files changed, 6 deletions(-)
diff --git a/config.def.h b/config.def.h
index 577833e..257cfac 100644
--- a/config.def.h
+++ b/config.def.h
_AT_@ -1,6 +1,5 @@
 /* See LICENSE file for copyright and license details. */
 
-#define ENV_SUPATH	"/bin"
 #define ENV_PATH	"/bin"
 #define PW_CIPHER	"$6$"	/* SHA-512 */
 #undef UTMP_PATH
diff --git a/su.c b/su.c
index 4fc3c04..4fc72e8 100644
--- a/su.c
+++ b/su.c
_AT_@ -9,7 +9,6 @@
 #include <string.h>
 #include <unistd.h>
 
-#include "config.h"
 #include "passwd.h"
 #include "util.h"
 
_AT_@ -104,10 +103,6 @@ main(int argc, char *argv[])
 		newargv[0] = shell;
 		newargv[1] = NULL;
 	}
-	if (strcmp(pw->pw_name, "root") == 0)
-		setenv("PATH", ENV_SUPATH, 1);
-	else
-		setenv("PATH", ENV_PATH, 1);
 	execve(shell, newargv, environ);
 	weprintf("execve %s:", shell);
 	return (errno == ENOENT) ? 127 : 126;
-- 
2.43.1

Received on Tue Feb 13 2024 - 03:03:12 CET