author | Marc Espie <espie@cvs.openbsd.org> | 2016-02-23 17:45:44 +0000 |
---|---|---|
committer | Marc Espie <espie@cvs.openbsd.org> | 2016-02-23 17:45:44 +0000 |
commit | 4a9ad9485bcced7cd2ecbd149f3afa8db904b0cc (patch) | |
tree | 954a868f03a1d0750fb68ce63e0348d8aa55704d | |
parent | 45da9a19adae1b4bb7d6908e55b306ca1af616cf (diff) |
sanitize environment thru a whitelist. Only pass what's relevant for ftp and
ftp clones.
Give "decent" values to your normal environment variables, so that commands
won't be surprised.
This fixes the spurious warnings from ftp:// url reported by Jiri B.
Much feedback from deraadt@, zhuk@, sthen@
-rw-r--r-- | usr.sbin/pkg_add/OpenBSD/PackageRepository.pm | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm b/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm index 8bb8f510965..de0a7a78de8 100644 --- a/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm +++ b/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm @@ -1,5 +1,5 @@ # ex:ts=8 sw=4: -# $OpenBSD: PackageRepository.pm,v 1.117 2016/02/09 10:02:27 espie Exp $ +# $OpenBSD: PackageRepository.pm,v 1.118 2016/02/23 17:45:43 espie Exp $ # # Copyright (c) 2003-2010 Marc Espie <espie@openbsd.org> # @@ -586,8 +586,38 @@ sub drop_privileges_and_setup_env $< = $uid; $> = $uid; } - $ENV{LC_ALL} = 'C'; # don't error out yet if we can't change. + + # create sanitized env for ftp + my %newenv = ( + HOME => '/var/empty', + USER => '_pfetch', + LOGNAME => '_pfetch', + SHELL => '/bin/sh', + LC_ALL => 'C', # especially, laundry error messages + PATH => '/bin:/usr/bin' + ); + + # copy selected stuff; + for my $k (qw( + TERM + FTPMODE + FTPSERVER + FTPSERVERPORT + ftp_proxy + http_proxy + http_cookies + ALL_PROXY + FTP_PROXY + HTTPS_PROXY + HTTP_PROXY + NO_PROXY)) { + if (exists $ENV{$k}) { + $newenv{$k} = $ENV{$k}; + } + } + # don't forget to swap! + %ENV = %newenv; } |
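Review bot: `USER`, `LOGNAME` and `HOME` in `%newenv` are fixed to the `_pfetch` account, yet `%ENV = %newenv;` sits after the closing brace of the block that assigns `$<` and `$>`, so the swap seems to run even when that block is skipped and the child keeps the caller's uid. The opening of that block and the start of `drop_privileges_and_setup_env` are outside the hunk, so the condition is inferred; if it tests `$uid`, tie the identity variables to it with `delete @newenv{qw(USER LOGNAME)} unless defined $uid;` before the swap. The copy loop filters variable names only, so proxy URLs and the `http_cookies` path reach ftp exactly as the caller set them; a comment such as `# names are allowlisted, values are passed through unchanged` above the loop would make that explicit.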