From fb8ea059e62ca747d59d6e9efeb70c5456ab6f3b Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Mon, 30 Oct 2017 13:13:02 +0100
Subject: [PATCH] cli: ignore PAGER when escalating privileges

nmcli typically doesn't run setuid, nor uses file capabilities or is labelled
for a SELinux domain trainsition upon execution.

But in case anyone has any reason to do that, we should follow good
security practices and not exec whatever is set in the environment.
---
 clients/cli/utils.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/clients/cli/utils.c b/clients/cli/utils.c
index 2f450b40e1..570bfb98d4 100644
--- a/clients/cli/utils.c
+++ b/clients/cli/utils.c
@@ -29,6 +29,7 @@
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
+#include <sys/auxv.h>
 #include <sys/prctl.h>
 
 #include "nm-client-utils.h"
@@ -1489,7 +1490,8 @@ nmc_terminal_spawn_pager (const NmcConfig *nmc_config)
 	    || nm_cli.pager_pid > 0
 	    || nmc_config->print_output == NMC_PRINT_TERSE
 	    || !use_colors (nmc_config->use_colors)
-	    || g_strcmp0 (pager, "") == 0)
+	    || g_strcmp0 (pager, "") == 0
+	    || getauxval (AT_SECURE))
 		return;
 
 	if (pipe (fd) == -1) {