Do not set SHELL to utmp ever
SHELL must be set to the SHELL of the user, but it was possible set it to utmp.
This commit is contained in:
		
							
								
								
									
										20
									
								
								st.c
									
									
									
									
									
								
							
							
						
						
									
										20
									
								
								st.c
									
									
									
									
									
								
							| @@ -1146,7 +1146,7 @@ die(const char *errstr, ...) { | |||||||
|  |  | ||||||
| void | void | ||||||
| execsh(void) { | execsh(void) { | ||||||
| 	char **args, *sh; | 	char **args, *sh, *prog; | ||||||
| 	const struct passwd *pw; | 	const struct passwd *pw; | ||||||
| 	char buf[sizeof(long) * 8 + 1]; | 	char buf[sizeof(long) * 8 + 1]; | ||||||
|  |  | ||||||
| @@ -1158,13 +1158,15 @@ execsh(void) { | |||||||
| 			die("who are you?\n"); | 			die("who are you?\n"); | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	if (utmp) | 	sh = (pw->pw_shell[0]) ? pw->pw_shell : shell; | ||||||
| 		sh = utmp; | 	if(opt_cmd) | ||||||
| 	else if (pw->pw_shell[0]) | 		prog = opt_cmd[0]; | ||||||
| 		sh = pw->pw_shell; | 	else if(utmp) | ||||||
|  | 		prog = utmp; | ||||||
| 	else | 	else | ||||||
| 		sh = shell; | 		prog = sh; | ||||||
| 	args = (opt_cmd) ? opt_cmd : (char *[]){sh, NULL}; | 	args = (opt_cmd) ? opt_cmd : (char *[]) {prog, NULL}; | ||||||
|  |  | ||||||
| 	snprintf(buf, sizeof(buf), "%lu", xw.win); | 	snprintf(buf, sizeof(buf), "%lu", xw.win); | ||||||
|  |  | ||||||
| 	unsetenv("COLUMNS"); | 	unsetenv("COLUMNS"); | ||||||
| @@ -1172,7 +1174,7 @@ execsh(void) { | |||||||
| 	unsetenv("TERMCAP"); | 	unsetenv("TERMCAP"); | ||||||
| 	setenv("LOGNAME", pw->pw_name, 1); | 	setenv("LOGNAME", pw->pw_name, 1); | ||||||
| 	setenv("USER", pw->pw_name, 1); | 	setenv("USER", pw->pw_name, 1); | ||||||
| 	setenv("SHELL", args[0], 1); | 	setenv("SHELL", sh, 1); | ||||||
| 	setenv("HOME", pw->pw_dir, 1); | 	setenv("HOME", pw->pw_dir, 1); | ||||||
| 	setenv("TERM", termname, 1); | 	setenv("TERM", termname, 1); | ||||||
| 	setenv("WINDOWID", buf, 1); | 	setenv("WINDOWID", buf, 1); | ||||||
| @@ -1184,7 +1186,7 @@ execsh(void) { | |||||||
| 	signal(SIGTERM, SIG_DFL); | 	signal(SIGTERM, SIG_DFL); | ||||||
| 	signal(SIGALRM, SIG_DFL); | 	signal(SIGALRM, SIG_DFL); | ||||||
|  |  | ||||||
| 	execvp(args[0], args); | 	execvp(prog, args); | ||||||
| 	exit(EXIT_FAILURE); | 	exit(EXIT_FAILURE); | ||||||
| } | } | ||||||
|  |  | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user