mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git
synced 2025-12-27 23:20:12 +01:00
cli: ignore PAGER when escalating privileges
nmcli typically doesn't run setuid, nor uses file capabilities or is labelled for a SELinux domain trainsition upon execution. But in case anyone has any reason to do that, we should follow good security practices and not exec whatever is set in the environment.
This commit is contained in:
Lubomir Rintel
parent
98afc76184
commit
fb8ea059e6
1 changed files with 3 additions and 1 deletions
|
|
@ -29,6 +29,7 @@
|
|||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <sys/auxv.h>
|
||||
#include <sys/prctl.h>
|
||||
|
||||
#include "nm-client-utils.h"
|
||||
|
|
@ -1489,7 +1490,8 @@ nmc_terminal_spawn_pager (const NmcConfig *nmc_config)
|
|||
|| nm_cli.pager_pid > 0
|
||||
|| nmc_config->print_output == NMC_PRINT_TERSE
|
||||
|| !use_colors (nmc_config->use_colors)
|
||||
|| g_strcmp0 (pager, "") == 0)
|
||||
|| g_strcmp0 (pager, "") == 0
|
||||
|| getauxval (AT_SECURE))
|
||||
return;
|
||||
|
||||
if (pipe (fd) == -1) {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue