X-Git-Url: https://ruderich.org/simon/gitweb/?p=ptyas%2Fptyas.git;a=blobdiff_plain;f=ptyas.c;h=a67f8767cbb4e49a59df74bdcd59ff63df839828;hp=1deda82a2e48cf265a73f5b86789bb98395fa2c9;hb=af7bb9eee274610bef414eaa97e7686d66d2f352;hpb=825f5f0f639d76e5ef05687408eb3225ba9c93fa diff --git a/ptyas.c b/ptyas.c index 1deda82..a67f876 100644 --- a/ptyas.c +++ b/ptyas.c @@ -2,7 +2,7 @@ * Run the login shell or command as the given user in a new pty to prevent * terminal injection attacks. * - * Copyright (C) 2016 Simon Ruderich + * Copyright (C) 2016-2017 Simon Ruderich * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -39,6 +39,12 @@ #include #include +/* Default PATH for new process.*/ +#ifndef PTYAS_DEFAULT_PATH +/* Default user PATH from Debian's /etc/profile, change as needed. */ +# define PTYAS_DEFAULT_PATH "/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games" +#endif + static void die(const char *s) { perror(s); @@ -113,7 +119,7 @@ static void drop_privileges_or_die(uid_t uid, gid_t gid) { die("setgroups"); } if (getgroups(0, NULL) != 0) { - die_fmt("failed to drop all groups"); + die_fmt("failed to drop all supplementary groups"); } /* Dropping groups may require privileges, do that first. */ @@ -211,9 +217,8 @@ static void proxy_input_between_ttys(int pty_master, int ctty, volatile pid_t *p if (ppoll(fds, nfds, NULL /* no timeout */, &sigset_old) == -1) { if (errno == EAGAIN || errno == EINTR) { continue; - } else { - perror("poll"); } + perror("poll"); break; } @@ -376,7 +381,7 @@ int main(int argc, char **argv) { snprintf_or_assert(envp_term, sizeof(envp_term), "TERM=%s", term); char *exec_envp[] = { - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "PATH=" PTYAS_DEFAULT_PATH, envp_user, envp_home, term_orig ? envp_term : NULL,