I would suggest maybe instead doing:

    int main(int argc, char *argv[], char *envp[])
    {
        ...
        if (getuid() != geteuid())
            envp[0] = NULL;  /* privileged: pass an empty environment */
        (void)execve(argv[0], argv, envp);
        ...
    }

Or at least name the variable something like empty_envp to distinguish it more clearly from the process's environment since it's common to have a main signature of int main(int argc, char *argv[], char *envp[]). --Jeremy > On Oct 18, 2015, at 10:26, Julien Cristau <jcris...@debian.org> wrote: > > When the server is privileged, we shouldn't be passing the user's > environment directly. > > Signed-off-by: Julien Cristau <jcris...@debian.org> > --- > hw/xfree86/xorg-wrapper.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > It's possible some variables should be passed, in which case we could > use a whitelist; in my testing this patch seemed to work, though. > > diff --git a/hw/xfree86/xorg-wrapper.c b/hw/xfree86/xorg-wrapper.c > index 22e97ad..d6efb23 100644 > --- a/hw/xfree86/xorg-wrapper.c > +++ b/hw/xfree86/xorg-wrapper.c > @@ -190,6 +190,7 @@ int main(int argc, char *argv[]) > int total_cards = 0; > int allowed = CONSOLE_ONLY; > int needs_root_rights = -1; > + char *const envp[1] = { NULL, }; > > progname = argv[0]; > > @@ -265,7 +266,10 @@ int main(int argc, char *argv[]) > } > > argv[0] = buf; > - (void) execv(argv[0], argv); > + if (getuid() == geteuid()) > + (void) execv(argv[0], argv); > + else > + (void) execve(argv[0], argv, envp); > fprintf(stderr, "%s: Failed to execute %s: %s\n", > progname, buf, strerror(errno)); > exit(1); > -- > 2.6.1 > > _______________________________________________ > xorg-devel@lists.x.org: X.Org development > Archives: http://lists.x.org/archives/xorg-devel > Info: http://lists.x.org/mailman/listinfo/xorg-devel
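Review bot: the new envp declaration in the first hunk has no comment saying it is the deliberately empty environment for the privileged exec, and its name matches the conventional third parameter of main. A name such as empty_envp plus a one-line comment at the declaration would make the intent clear to anyone who later changes the signature of main.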
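Review bot: the privilege test in the second hunk compares only getuid() with geteuid(), so a wrapper installed setgid rather than setuid would take the execv branch and hand the caller's full environment to the server. Comparing getgid() with getegid() as well would cover that case. The two branches could also be collapsed into a single execve call that is given either the process environment or the empty array, which keeps the error handling after it on one path.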
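An added example, not part of the thread or of the X.Org wrapper: one way the allowlist mentioned in the commit message could look in C, as an alternative to passing an empty environment. The names in allowed_vars, the '/' value check, the 16-slot buffer and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical allowlist: these names are placeholders, not a list taken
 * from the X.Org wrapper or from the patch in this thread. */
static const char *const allowed_vars[] = { "LANG", "TZ", NULL };

/* Return 1 if "NAME=value" has an allowlisted NAME and a value without '/'. */
static int env_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t len, i;

    if (eq == NULL || eq == entry)
        return 0;                       /* malformed: no '=' or empty name */
    if (strchr(eq + 1, '/') != NULL)
        return 0;                       /* refuse path-like values */
    len = (size_t)(eq - entry);
    for (i = 0; allowed_vars[i] != NULL; i++)
        if (strlen(allowed_vars[i]) == len &&
            strncmp(entry, allowed_vars[i], len) == 0)
            return 1;                   /* exact name match, not a prefix */
    return 0;
}

/* Copy allowlisted entries of in[] into out[] (cap slots, including the
 * NULL terminator). Returns the number of entries kept. */
size_t filter_env(char *const in[], char *out[], size_t cap)
{
    size_t i, n = 0;

    if (cap == 0)
        return 0;
    for (i = 0; in != NULL && in[i] != NULL && n + 1 < cap; i++)
        if (env_allowed(in[i]))
            out[n++] = in[i];
    out[n] = NULL;
    return n;
}

/* Exec path with a filtered environment when real and effective ids differ. */
int exec_sanitized(const char *path, char *const argv[], char *const envp[])
{
    char *clean[16];

    if (getuid() != geteuid() || getgid() != getegid()) {
        filter_env(envp, clean, sizeof(clean) / sizeof(clean[0]));
        return execve(path, argv, clean);
    }
    return execve(path, argv, envp);
}
```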