commit | 80eb3c02027b435ef1f0eaaa1406b43dd6eebaeb | [log] [tgz] |
---|---|---|
author | Guido van Rossum <guido@python.org> | Tue Mar 11 18:24:21 1997 +0000 |
committer | Guido van Rossum <guido@python.org> | Tue Mar 11 18:24:21 1997 +0000 |
tree | e61c38aa2e204843aa6c54a83d385ab546677eaa | |
parent | b5dc5e3d7ea44ee4d029d26c98bc99deeffee346 [diff] [blame] |
Zap all env vars beginning with PYTHON to prevent an obvious form of attack.
diff --git a/Misc/setuid-prog.c b/Misc/setuid-prog.c index 6f25493..b49438a 100644 --- a/Misc/setuid-prog.c +++ b/Misc/setuid-prog.c
@@ -105,6 +105,8 @@ **p = 'X'; else if (strncmp(*p, "_RLD", 4) == 0) **p = 'X'; + else if (strncmp(*p, "PYTHON", 6) == 0) + **p = 'X'; else if (strncmp(*p, "IFS=", 4) == 0) *p = def_IFS; else if (strncmp(*p, "CDPATH=", 7) == 0)