diff options
author | Guido van Rossum <guido@python.org> | 1997-03-11 18:24:21 (GMT) |
---|---|---|
committer | Guido van Rossum <guido@python.org> | 1997-03-11 18:24:21 (GMT) |
commit | 80eb3c02027b435ef1f0eaaa1406b43dd6eebaeb (patch) | |
tree | e61c38aa2e204843aa6c54a83d385ab546677eaa /Misc/setuid-prog.c | |
parent | b5dc5e3d7ea44ee4d029d26c98bc99deeffee346 (diff) | |
download | cpython-80eb3c02027b435ef1f0eaaa1406b43dd6eebaeb.zip cpython-80eb3c02027b435ef1f0eaaa1406b43dd6eebaeb.tar.gz cpython-80eb3c02027b435ef1f0eaaa1406b43dd6eebaeb.tar.bz2 |
Zap all env vars beginning with PYTHON to prevent an obvious form of attack.
Diffstat (limited to 'Misc/setuid-prog.c')
-rw-r--r-- | Misc/setuid-prog.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/Misc/setuid-prog.c b/Misc/setuid-prog.c index 6f25493..b49438a 100644 --- a/Misc/setuid-prog.c +++ b/Misc/setuid-prog.c @@ -105,6 +105,8 @@ clean_environ(void) **p = 'X'; else if (strncmp(*p, "_RLD", 4) == 0) **p = 'X'; + else if (strncmp(*p, "PYTHON", 6) == 0) + **p = 'X'; else if (strncmp(*p, "IFS=", 4) == 0) *p = def_IFS; else if (strncmp(*p, "CDPATH=", 7) == 0) |