[patch] xfce4-session, libxfce4util: xfce4-shutdown features and code reorg

Sun Jan 11 13:38:53 CET 2004

Brian J. Tarricone wrote:
> Benedikt Meurer wrote:
> 
>> I committed your changes to HEAD (w/ some modifications, since setting 
>> environ to NULL doesn't like a good idea to me actually :-). Version 
>> is now 0.2.0.
> 
> hmm... a bit OT, but how _would_ you clear the environment otherwise in 
> the absence of clearenv()?  the secure programming howto[1] advocates 
> seting environ = NULL for that purpose.  my worry is that on a system 
> without clearenv() (e.g., solaris 8 doesn't appear to have it), it's 
> possible to fool xfce4-shutdown into running arbitrary binaries as root 
> if you don't clear environ before calling g_spawn_command_line_sync() 
> (assuming xfce4-shutdown was compiled with any of the three new 
> configure options i added, and that xfce4-shutdown is installed suid root).

IMHO it'd be better to use execve()/execle() and specify a new environment for 
the command other than modifying the environment of the current process.

>    -brian

regards,
Benedikt

-- 
NetBSD Operating system:                       http://www.NetBSD.org/
pkgsrc "Work in progress":                  http://pkgsrc-wip.sf.net/
XFce desktop environment:                        http://www.xfce.org/
German Unix-AG Association:                   http://www.unix-ag.org/
os-network:                                 http://www.os-network.de/

OpenPGP Key: http://www.home.unix-ag.org/bmeurer/#gpg