[hackers] [ubase][PATCH 3/4] su: check $SHELL for validity

From: neeshy <neeshy_AT_tfwno.gf>
Date: Mon, 12 Feb 2024 21:41:02 -0500

If $SHELL isn't defined in the environment, the call to execve will
fail when -p is specified. Fallback to the user's login shell if $SHELL
is invalid.

---
 su.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/su.c b/su.c
index 812aa43..4fc3c04 100644
--- a/su.c
+++ b/su.c
_AT_@ -28,7 +28,7 @@ int
 main(int argc, char *argv[])
 {
 	char *usr = "root", *pass;
-	char *shell, *term;
+	char *shell, *envshell, *term;
 	struct passwd *pw;
 	char *newargv[3];
 	uid_t uid;
_AT_@ -90,7 +90,9 @@ main(int argc, char *argv[])
 		newargv[2] = NULL;
 	} else {
 		if (pflag) {
-			shell = getenv("SHELL");
+			envshell = getenv("SHELL");
+			if (envshell && envshell[0] != '\0')
+				shell = envshell;
 		} else {
 			setenv("HOME", pw->pw_dir, 1);
 			setenv("SHELL", shell, 1);
-- 
2.43.1

Received on Tue Feb 13 2024 - 03:41:02 CET