From 010ecfe9ea0b411cee531478ade49fb70b55d2ff Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Mon, 6 Mar 2023 08:57:59 +0100
Subject: [PATCH] nmcli: set LESSSECURE=1 (unless already set)

Apparently, the pager being able to execute commands takes some people
by surprpise, making their poor configuration choices have consequences.

Let's pray for some mercy on their souls with the LESSECURE variable,
which makes less less likely to conduct evil deeds.

Systemd also deals with this, but being systemd they make it as
complicated as possible. We just set it unconditionally, hoping nobody
wanted the extra functionality and they're in only for the scrolling.
If anyone minds they can just set LESSSECURE=0 and we'll leave it alone.

See also: SYSTEMD_PAGERSECURE in systemctl(1) manual.
---
 src/nmcli/utils.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/nmcli/utils.c b/src/nmcli/utils.c
index 2c155fff24..7d446cef24 100644
--- a/src/nmcli/utils.c
+++ b/src/nmcli/utils.c
@@ -1467,6 +1467,7 @@ nmc_terminal_spawn_pager(const NmcConfig *nmc_config)
     ev = g_get_environ();
     ev = g_environ_setenv(ev, "LESS", "FRSXMK", TRUE);
     ev = g_environ_setenv(ev, "LESSCHARSET", "utf-8", TRUE);
+    ev = g_environ_setenv(ev, "LESSSECURE", "1", FALSE);
 
     pager_pid = fork();
     if (pager_pid == -1) {