* Run the login shell or command as the given user in a new pty to prevent
* terminal injection attacks.
*
- * Copyright (C) 2016 Simon Ruderich
+ * Copyright (C) 2016-2017 Simon Ruderich
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
#include <termios.h>
#include <unistd.h>
+/* Default PATH for new process.*/
+#ifndef PTYAS_DEFAULT_PATH
+/* Default user PATH from Debian's /etc/profile, change as needed. */
+# define PTYAS_DEFAULT_PATH "/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games"
+#endif
+
static void die(const char *s) {
perror(s);
die("setgroups");
}
if (getgroups(0, NULL) != 0) {
- die_fmt("failed to drop all groups");
+ die_fmt("failed to drop all supplementary groups");
}
/* Dropping groups may require privileges, do that first. */
snprintf_or_assert(envp_term, sizeof(envp_term), "TERM=%s", term);
char *exec_envp[] = {
- "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+ "PATH=" PTYAS_DEFAULT_PATH,
envp_user,
envp_home,
term_orig ? envp_term : NULL,