summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-07-27 20:00:33 +0200
committerLennart Poettering <lennart@poettering.net>2016-08-03 14:52:16 +0200
commit70493828032abc74e5134563a915c4a3ccdde7f2 (patch)
tree5359e1685eeceb18a35166f3ec32f58986aaf9a1
parent6af760f3b263d3ddfa80a4168ad0a0c5e59bae1f (diff)
execute: don't set $SHELL and $HOME for services, if they don't contain interesting data
-rw-r--r--src/core/execute.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/core/execute.c b/src/core/execute.c
index 0bf80fc437..77a75245cb 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1724,6 +1724,17 @@ static int exec_child(
*exit_status = EXIT_USER;
return r;
}
+
+ /* Don't set $HOME or $SHELL if they are are not particularly enlightening anyway. */
+ if (isempty(home) || path_equal(home, "/"))
+ home = NULL;
+
+ if (isempty(shell) || PATH_IN_SET(shell,
+ "/bin/nologin",
+ "/sbin/nologin",
+ "/usr/bin/nologin",
+ "/usr/sbin/nologin"))
+ shell = NULL;
}
if (context->group) {