Hi,
On 19-10-15 12:57, Julien Cristau wrote:
On Mon, Oct 19, 2015 at 10:43:45 +0200, Hans de Goede wrote:
Hi,
On 18-10-15 19:26, Julien Cristau wrote:
When the server is privileged, we shouldn't be passing the user's
environment directly.
Signed-off-by: Julien Cristau
I've no real object
On Mon, Oct 19, 2015 at 10:43:45 +0200, Hans de Goede wrote:
> Hi,
>
> On 18-10-15 19:26, Julien Cristau wrote:
> >When the server is privileged, we shouldn't be passing the user's
> >environment directly.
> >
> >Signed-off-by: Julien Cristau
>
> I've no real objections against this, and I can
Hi,
On 18-10-15 19:26, Julien Cristau wrote:
When the server is privileged, we shouldn't be passing the user's
environment directly.
Signed-off-by: Julien Cristau
I've no real objections against this, and I can see this being a good
thing from a security pov, but I'm afraid this may cause re
I would suggest maybe instead doing:
int main(int argc, char *argv[], char *envp[]) {
...
if (getuid() != geteuid())
envp = {NULL, };
(void)execve(argv[0], argv, envp);
...
}
Or at least name the variable something like empty_envp to distinguish it more
clearly from the p
When the server is privileged, we shouldn't be passing the user's
environment directly.
Signed-off-by: Julien Cristau
---
hw/xfree86/xorg-wrapper.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
It's possible some variables should be passed, in which case we could
use a whitelist; i