X-Git-Url: https://ruderich.org/simon/gitweb/?p=ptyas%2Fptyas.git;a=blobdiff_plain;f=ptyas.c;h=ab99f8ede71cf352d4d7aa2ef9c2af83a5b4ef06;hp=1deda82a2e48cf265a73f5b86789bb98395fa2c9;hb=c8ffdb4777654018284c63d7824efca50e5d65b7;hpb=825f5f0f639d76e5ef05687408eb3225ba9c93fa

diff --git a/ptyas.c b/ptyas.c
index 1deda82..ab99f8e 100644
--- a/ptyas.c
+++ b/ptyas.c
@@ -2,7 +2,7 @@
  * Run the login shell or command as the given user in a new pty to prevent
  * terminal injection attacks.
  *
- * Copyright (C) 2016  Simon Ruderich
+ * Copyright (C) 2016-2017  Simon Ruderich
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -39,6 +39,12 @@
 #include <termios.h>
 #include <unistd.h>
 
+/* Default PATH for new process.*/
+#ifndef PTYAS_DEFAULT_PATH
+/* Default user PATH from Debian's /etc/profile, change as needed. */
+# define PTYAS_DEFAULT_PATH "/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games"
+#endif
+
 
 static void die(const char *s) {
     perror(s);
@@ -113,7 +119,7 @@ static void drop_privileges_or_die(uid_t uid, gid_t gid) {
         die("setgroups");
     }
     if (getgroups(0, NULL) != 0) {
-        die_fmt("failed to drop all groups");
+        die_fmt("failed to drop all supplementary groups");
     }
 
     /* Dropping groups may require privileges, do that first. */
@@ -376,7 +382,7 @@ int main(int argc, char **argv) {
             snprintf_or_assert(envp_term, sizeof(envp_term), "TERM=%s", term);
 
             char *exec_envp[] = {
-                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+                "PATH=" PTYAS_DEFAULT_PATH,
                 envp_user,
                 envp_home,
                 term_orig ? envp_term : NULL,