Bug#355005: Acknowledgement (New -E option not to launder the environment)

Thu, 02 Mar 2006 09:49:31 -0800 

Err, I sent you a slightly out-of-date patch, which failed to move and
update the `This must be called _after_ initsetproctitle' comment.

Sorry.
Ian.

diff -ru orig/openbsd-inetd-0.20040915/debian/changelog 
openbsd-inetd-0.20040915/debian/changelog
--- orig/openbsd-inetd-0.20040915/debian/changelog      2006-03-02 
17:04:23.000000000 +0000
+++ openbsd-inetd-0.20040915/debian/changelog   2006-03-02 17:08:24.000000000 
+0000
@@ -1,3 +1,10 @@
+openbsd-inetd (0.20040915-1.0.99iwj2) unstable; urgency=low
+
+  * New -E option not to clobber the environment;
+    with documentation in inetd.8.
+
+ -- Ian Jackson <[EMAIL PROTECTED]>  Thu,  2 Mar 2006 17:08:24 +0000
+
 openbsd-inetd (0.20040915-1) unstable; urgency=low
 
   * New CVS snapshot.
Only in openbsd-inetd-0.20040915/debian: changelog~
diff -ru orig/openbsd-inetd-0.20040915/inetd.8 openbsd-inetd-0.20040915/inetd.8
--- orig/openbsd-inetd-0.20040915/inetd.8       2006-03-02 17:04:23.000000000 
+0000
+++ openbsd-inetd-0.20040915/inetd.8    2006-03-02 17:07:45.000000000 +0000
@@ -39,6 +39,7 @@
 .Nm inetd
 .Op Fl d
 .Op Fl l
+.Op Fl E
 .Op Fl R Ar rate
 .Op Ar configuration file
 .Sh DESCRIPTION
@@ -63,6 +64,13 @@
 .Bl -tag -width Ds
 .It Fl d
 Turns on debugging.
+.It Fl E
+Prevents
+.Nm inetd
+from laundering the environment.  Without this option a selection of
+environent variables believed by the authors to be harmful, including
+.Pa PATH ,
+will be removed and not inherited by services.
 .It Fl l
 Turns on libwrap connection logging. Internal services cannot be wrapped.
 When enabled,
diff -ru orig/openbsd-inetd-0.20040915/inetd.c openbsd-inetd-0.20040915/inetd.c
--- orig/openbsd-inetd-0.20040915/inetd.c       2006-03-02 17:04:23.000000000 
+0000
+++ openbsd-inetd-0.20040915/inetd.c    2006-03-02 17:13:20.000000000 +0000
@@ -184,6 +184,7 @@
 
 int     global_queuelen = 128;
 int     debug = 0;
+int      keepenv = 0;
 int     nsock, maxsock;
 fd_set *allsockp;
 int     allsockn;
@@ -356,10 +357,8 @@
        progname = progname ? progname + 1 : argv[0];
 
        initsetproctitle(argc, argv, envp);
-       /* This must be called _after_ initsetproctitle */
-       discard_stupid_environment();
 
-       while ((ch = getopt(argc, argv, "dilq:R:")) != -1)
+       while ((ch = getopt(argc, argv, "dilEq:R:")) != -1)
                switch (ch) {
                case 'd':
                        debug = 1;
@@ -367,6 +366,9 @@
                case 'i':
                        nodaemon = 1;
                        break;
+               case 'E':
+                       keepenv = 1;
+                       break;
                case 'l':
 #ifdef LIBWRAP
                        lflag = 1;
@@ -404,6 +406,9 @@
        argc -= optind;
        argv += optind;
 
+       /* This must be called _after_ initsetproctitle and arg parsing */
+       discard_stupid_environment();
+
        uid = getuid();
        if (uid != 0)
                CONFIG = NULL;
@@ -2289,6 +2294,9 @@
                };
 
        int i, k = 0;
+
+       if (keepenv)
+               return;
        for (i = 0; __environ[i]; i++) {
                int found = 0, j;
 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to