blob: bc6b0a91c2a49b7b849d2b96bc4fcababae47348 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
From b8f736b30e20a2b44e7c34bb4e43b0d97ae77e3c Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 15 Oct 2020 10:54:48 +0200
Subject: [PATCH] pager: lets check SYSTEMD_PAGERSECURE with secure_getenv()
I can't think of any real vulnerability about this, but it still feels
better to check a variable with "secure" in its name with
secure_getenv() rather than plain getenv().
Paranoia FTW!
CVE: CVE-2023-26604
Upstream-Status: Backport [https://github.com/systemd/systemd/pull/17359/commits/b8f736b30e20a2b44e7c34bb4e43b0d97ae77e3c]
Comments: Hunk refreshed
Signed-off-by: rajmohan r <rajmohan.r@kpit.com>
---
src/shared/pager.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/pager.c b/src/shared/pager.c
index a72d9ea..250519c 100644
--- a/src/shared/pager.c
+++ b/src/shared/pager.c
@@ -170,7 +170,7 @@ int pager_open(PagerFlags flags) {
* pager. If they didn't, use secure mode when under euid is changed. If $SYSTEMD_PAGERSECURE
* wasn't explicitly set, and we autodetect the need for secure mode, only use the pager we
* know to be good. */
- int use_secure_mode = getenv_bool("SYSTEMD_PAGERSECURE");
+ int use_secure_mode = getenv_bool_secure("SYSTEMD_PAGERSECURE");
bool trust_pager = use_secure_mode >= 0;
if (use_secure_mode == -ENXIO) {
uid_t uid;
|
