The install-debuginfo C wrapper which is run by a non-root user clears the whole environment. However, since the installer asks for user input by the use of an environment variable, we have to create a whitelist of variables to keep when doing the environment purge.
Signed-off-by: Petr Kubat <[email protected]> --- .../abrt-action-install-debuginfo-to-abrt-cache.c | 28 ++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c index 60ac5c9..53be57a 100644 --- a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c +++ b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c @@ -70,7 +70,35 @@ int main(int argc, char **argv) // We forgot to sanitize PYTHONPATH. And who knows what else we forgot // (especially considering *future* new variables of this kind). // We switched to clearing entire environment instead: + + // However since we communicate through environment variables + // we have to keep a whitelist of variables to keep. + static const char *whitelist[] = { + "REPORT_CLIENT_SLAVE" // Check if the app is being run as a slave + }; + int wlsize = sizeof(whitelist)/sizeof(char*); + char *setlist[wlsize]; + char *p = NULL; + for (int i = 0; i < wlsize; i++) { + if ((p = getenv(whitelist[i])) != NULL) { + setlist[i] = malloc(strlen(p)*sizeof(char*)); + setlist[i] = strncpy(setlist[i], p, strlen(p)); + } + else + setlist[i] = NULL; + } + // Now we can clear the environment clearenv(); + // And once again set whitelisted variables + for (int i = 0; i < wlsize; i++) { + if (setlist[i] != NULL) { + int slsize = sizeof(setlist)/sizeof(char*); + char buffer[slsize+wlsize+1]; + sprintf(buffer, "%s=%s", whitelist[i], setlist[i]); + putenv(buffer); + free(setlist[i]); + } + } #else /* Clear dangerous stuff from env */ static const char forbid[] = -- 1.8.3.1
