authorMarc Espie <espie@cvs.openbsd.org>2016-02-23 17:45:44 +0000
committerMarc Espie <espie@cvs.openbsd.org>2016-02-23 17:45:44 +0000
commit4a9ad9485bcced7cd2ecbd149f3afa8db904b0cc (patch)
tree954a868f03a1d0750fb68ce63e0348d8aa55704d
parent45da9a19adae1b4bb7d6908e55b306ca1af616cf (diff)
sanitize environment thru a whitelist. Only pass what's relevant for ftp and
ftp clones. Give "decent" values to your normal environment variables, so that commands won't be surprised. This fixes the spurious warnings from ftp:// url reported by Jiri B. Much feedback from deraadt@, zhuk@, sthen@
-rw-r--r--usr.sbin/pkg_add/OpenBSD/PackageRepository.pm34
1 files changed, 32 insertions, 2 deletions
diff --git a/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm b/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm
index 8bb8f510965..de0a7a78de8 100644
--- a/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm
+++ b/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm
@@ -1,5 +1,5 @@
# ex:ts=8 sw=4:
-# $OpenBSD: PackageRepository.pm,v 1.117 2016/02/09 10:02:27 espie Exp $
+# $OpenBSD: PackageRepository.pm,v 1.118 2016/02/23 17:45:43 espie Exp $
#
# Copyright (c) 2003-2010 Marc Espie <espie@openbsd.org>
#
@@ -586,8 +586,38 @@ sub drop_privileges_and_setup_env
$< = $uid;
$> = $uid;
}
- $ENV{LC_ALL} = 'C';
# don't error out yet if we can't change.
+
+ # create sanitized env for ftp
+ my %newenv = (
+ HOME => '/var/empty',
+ USER => '_pfetch',
+ LOGNAME => '_pfetch',
+ SHELL => '/bin/sh',
+ LC_ALL => 'C', # especially, laundry error messages
+ PATH => '/bin:/usr/bin'
+ );
+
+ # copy selected stuff;
+ for my $k (qw(
+ TERM
+ FTPMODE
+ FTPSERVER
+ FTPSERVERPORT
+ ftp_proxy
+ http_proxy
+ http_cookies
+ ALL_PROXY
+ FTP_PROXY
+ HTTPS_PROXY
+ HTTP_PROXY
+ NO_PROXY)) {
+ if (exists $ENV{$k}) {
+ $newenv{$k} = $ENV{$k};
+ }
+ }
+ # don't forget to swap!
+ %ENV = %newenv;
}
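Review bot: `USER` and `LOGNAME` are set to the literal `'_pfetch'` unconditionally, while the uid switch at the top of the hunk sits inside a block and the retained comment says a failed change is not an error yet, so the new environment can name an account the process is not actually running as. The function starts outside the hunk, so how `$uid` is obtained is not visible here; if the account name is already available at that point, reusing it would avoid a second hard-coded copy that can drift from the real one. Separately, `# copy selected stuff;` would serve maintainers better as `# allowlist: only variables that ftp(1) and compatible fetchers read; everything else is dropped`. The proxy and `http_cookies` values are copied through unvalidated, which looks intentional, but anyone adding a key later should know that each entry widens what the caller can steer in the fetch process.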