execute: don't set $SHELL and $HOME for services, if they don't contain interesting...

author Lennart Poettering <lennart@poettering.net>

Wed, 27 Jul 2016 18:00:33 +0000 (20:00 +0200)

committer Lennart Poettering <lennart@poettering.net>

Wed, 3 Aug 2016 12:52:16 +0000 (14:52 +0200)
author Lennart Poettering <lennart@poettering.net>
Wed, 27 Jul 2016 18:00:33 +0000 (20:00 +0200)
committer Lennart Poettering <lennart@poettering.net>
Wed, 3 Aug 2016 12:52:16 +0000 (14:52 +0200)
diff --git a/src/core/execute.c b/src/core/execute.c

index 0bf80fc..77a7524 100644 (file)
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1724,6 +1724,17 @@ static int exec_child(
                                  *exit_status = EXIT_USER;
                                  return r;
                          }
+
+                        /* Don't set $HOME or $SHELL if they are are not particularly enlightening anyway. */
+                        if (isempty(home) || path_equal(home, "/"))
+                                home = NULL;
+
+                        if (isempty(shell) || PATH_IN_SET(shell,
+                                                          "/bin/nologin",
+                                                          "/sbin/nologin",
+                                                          "/usr/bin/nologin",
+                                                          "/usr/sbin/nologin"))
+                                shell = NULL;
                  }
  
                  if (context->group) {
author	Lennart Poettering <lennart@poettering.net>
	Wed, 27 Jul 2016 18:00:33 +0000 (20:00 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Wed, 3 Aug 2016 12:52:16 +0000 (14:52 +0200)