From 70493828032abc74e5134563a915c4a3ccdde7f2 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 27 Jul 2016 20:00:33 +0200
Subject: execute: don't set $SHELL and $HOME for services, if they don't
 contain interesting data

---
 src/core/execute.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'src/core')

diff --git a/src/core/execute.c b/src/core/execute.c
index 0bf80fc437..77a75245cb 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1724,6 +1724,17 @@ static int exec_child(
                                 *exit_status = EXIT_USER;
                                 return r;
                         }
+
+                        /* Don't set $HOME or $SHELL if they are are not particularly enlightening anyway. */
+                        if (isempty(home) || path_equal(home, "/"))
+                                home = NULL;
+
+                        if (isempty(shell) || PATH_IN_SET(shell,
+                                                          "/bin/nologin",
+                                                          "/sbin/nologin",
+                                                          "/usr/bin/nologin",
+                                                          "/usr/sbin/nologin"))
+                                shell = NULL;
                 }
 
                 if (context->group) {
-- 
cgit v1.2.3-54-g00ecf