On Thursday 24 of May 2007, Thiago Macieira wrote:
> Lubos Lunak said:
> >  We should probably find a universal solution for this, as this applies
> > to more LD_* stuff (LD_LIBRARY_PATH comes to mind). The wrapper could
> > even restore them itself, the slight problem is that the list of reset
> > vars for setuid apps is hidden somewhere in libc sources and grows over
> > the time. An
> > obvious solution could be dropping the wrapper, but I'd prefer not to -
> > this
> > cluebat actually makes OOM conditions to be handled quite fine :(.
>
> Actually, that's not hard to do...
>
> We need a wrapper for the wrapper. One that dumps the environment to a
> file and then starts the wrapper. The wrapper, in turn, after dropping its
> privileges, resets the environment.
>
> The only thing is that start_kdeinit is meant to be a very small program
> to avoid security issues. But it can be done. Read stdin, change the \n to
> \0 then build a NULL-terminated index of entries. Pass that to execvpe(3).
>
> That resets all of the environment, regardless of the list that libc keeps
> (whichever libc that is, on whichever system).

 That's an excellent idea. Done.

-- 
Lubos Lunak
KDE developer
--------------------------------------------------------------
SUSE LINUX, s.r.o.   e-mail: l.lunak@suse.cz , l.lunak@kde.org
Lihovarska 1060/12   tel: +420 284 028 972
190 00 Prague 9      fax: +420 284 028 951
Czech Republic       http//www.suse.cz
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<