diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-07-27 20:00:33 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-08-03 14:52:16 +0200 |
commit | 70493828032abc74e5134563a915c4a3ccdde7f2 (patch) | |
tree | 5359e1685eeceb18a35166f3ec32f58986aaf9a1 | |
parent | 6af760f3b263d3ddfa80a4168ad0a0c5e59bae1f (diff) |
execute: don't set $SHELL and $HOME for services, if they don't contain interesting data
-rw-r--r-- | src/core/execute.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/core/execute.c b/src/core/execute.c index 0bf80fc437..77a75245cb 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -1724,6 +1724,17 @@ static int exec_child( *exit_status = EXIT_USER; return r; } + + /* Don't set $HOME or $SHELL if they are are not particularly enlightening anyway. */ + if (isempty(home) || path_equal(home, "/")) + home = NULL; + + if (isempty(shell) || PATH_IN_SET(shell, + "/bin/nologin", + "/sbin/nologin", + "/usr/bin/nologin", + "/usr/sbin/nologin")) + shell = NULL; } if (context->group) { |