pam-systemd: use secure_getenv() rather than getenv()

And explain why in a comment.
poettering committed Feb 4, 2019
1 parent 565026b commit 83d4ab55336ff8a0643c6aa627b31e351a24040a
Showing with 10 additions and 3 deletions.
  1. +10 −3 src/login/pam_systemd.c
@@ -327,14 +327,21 @@ static const char* getenv_harder(pam_handle_t *handle, const char *key, const ch
assert(handle);
assert(key);

/* Looks for an environment variable, preferrably in the environment block associated with the specified PAM
* handle, falling back to the process' block instead. */
/* Looks for an environment variable, preferrably in the environment block associated with the
* specified PAM handle, falling back to the process' block instead. Why check both? Because we want
* to permit configuration of session properties from unit files that invoke PAM services, so that
* PAM services don't have to be reworked to set systemd-specific properties, but these properties
* can still be set from the unit file Environment= block. */

v = pam_getenv(handle, key);
if (!isempty(v))
return v;

v = getenv(key);
/* We use secure_getenv() here, since we might get loaded into su/sudo, which are SUID. Ideally
* they'd clean up the environment before invoking foreign code (such as PAM modules), but alas they
* currently don't (to be precise, they clean up the environment they pass to their children, but
* not their own environ[]). */
v = secure_getenv(key);
if (!isempty(v))
return v;
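Review bot: The comment above `v = secure_getenv(key);` says why the call is used but not what it does to the fallback. secure_getenv() returns NULL when the process runs in secure-execution mode, so inside su/sudo the process-environment lookup yields nothing and only the pam_getenv() value can be returned. A sentence stating that would help, because the comment at the top of the function presents the process block as the way to set properties from a unit file's Environment= and a reader may expect that path to work in every caller. The rewritten top comment also still carries the misspelling "preferrably" (should be "preferably"), which could be fixed while those lines are being touched.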
