summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakob Kaivo <jkk@ung.org>2021-02-01 12:36:27 -0500
committerJakob Kaivo <jkk@ung.org>2021-02-01 12:36:27 -0500
commit5fbe9702a191169cc259de7010c766e8a4c222f6 (patch)
tree14c4e7bcce0e927509c29854c5c00cac3a10c60a
parenta9e81927df6906e563492bc18e068e4184909794 (diff)
set PATH to reasonable default before executing SUID wrapper
-rw-r--r--privexec/privexec.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/privexec/privexec.c b/privexec/privexec.c
index 4e3816c..11b14da 100644
--- a/privexec/privexec.c
+++ b/privexec/privexec.c
@@ -1,9 +1,16 @@
#define _POSIX_C_SOURCE 200809L
+#include <limits.h>
#include <spawn.h>
#include <stdio.h>
+#include <stdlib.h>
#include <sys/wait.h>
+#include <string.h>
#include <unistd.h>
+#ifndef ARG_MAX
+#define ARG_MAX _POSIX_ARG_MAX
+#endif
+
#ifndef PATH_CHECK
#define PATH_CHECK "/usr/local/lib/privexec/check"
#endif
@@ -12,6 +19,10 @@
#define PATH_EXEC "/usr/local/lib/privexec/exec"
#endif
+#ifndef DEFAULT_PATH
+#define DEFAULT_PATH "/bin:/usr/bin"
+#endif
+
static int exec_with_privileges(char *argv[])
{
argv[0] = PATH_EXEC;
@@ -64,6 +75,12 @@ int main(int argc, char *argv[])
}
if (check_privileges(argv) == 0) {
+ char path[ARG_MAX];
+ if (confstr(_CS_PATH, path, sizeof(path)) < 1) {
+ strcpy(path, DEFAULT_PATH);
+ }
+ setenv("PATH", path, 1);
+
return exec_with_privileges(argv);
}