From ba6c85665c06a8151f13469811365b71842b5fc4 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Wed, 9 Nov 2016 19:15:01 +0100
Subject: reset HOME, USER(NAME), TMPDIR & SHELL in DropPrivileges
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We can't cleanup the environment like e.g. sudo would do as you usually
want the environment to "leak" into these helpers, but some variables
like HOME should really not have still the value of the root user – it
could confuse the helpers (USER) and HOME isn't accessible anyhow.

Closes: 842877
(cherry picked from commit 34b491e735ad47c4805e63f3b83a659b8d10262b)
(cherry picked from commit cc5919076ba1c2dab773a6c06cb3dd5497f0c656)
---
 apt-pkg/contrib/fileutl.cc | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'apt-pkg')

diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc
index fbf077841..e18fa7cf3 100644
--- a/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@ -2992,6 +2992,26 @@ bool DropPrivileges()							/*{{{*/
 	 return _error->Error("Could restore a uid to root, privilege dropping did not work");
    }
 
+   if (_config->FindB("APT::Sandbox::ResetEnvironment", true))
+   {
+      setenv("HOME", pw->pw_dir, 1);
+      setenv("USER", pw->pw_name, 1);
+      setenv("USERNAME", pw->pw_name, 1);
+      setenv("LOGNAME", pw->pw_name, 1);
+      auto const shell = flNotDir(pw->pw_shell);
+      if (shell == "false" || shell == "nologin")
+	 setenv("SHELL", "/bin/sh", 1);
+      else
+	 setenv("SHELL", pw->pw_shell, 1);
+      auto const tmpdir = getenv("TMPDIR");
+      if (tmpdir != nullptr)
+      {
+	 auto const ourtmpdir = GetTempDir();
+	 if (ourtmpdir != tmpdir)
+	    setenv("TMPDIR", ourtmpdir.c_str(), 1);
+      }
+   }
+
    return true;
 }
 									/*}}}*/
-- 
cgit v1.2.3