Attachment #23713 for bug #57238

View | Details | Raw Unified | Return to bug 57238
Collapse All | Expand All

Lines 65-70 Link Here

(-)coreutils-5.2.1/src/su.c (-2 / +33 lines)
65	-s, --shell=shell Run SHELL instead of USER's shell from /etc/passwd	65	-s, --shell=shell Run SHELL instead of USER's shell from /etc/passwd
66	unless not the superuser and USER's shell is	66	unless not the superuser and USER's shell is
67	restricted.	67	restricted.
		68	-x, --no-x Removes the DISPLAY environment variable, useful when
		69	changing to a user you don't trust completely.
68		70
69	Compile-time options:	71	Compile-time options:
70	-DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.	72	-DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.
Lines 173-178 Link Here
173	/* If nonzero, simulate a login instead of just starting a shell. */	175	/* If nonzero, simulate a login instead of just starting a shell. */
174	static int simulate_login;	176	static int simulate_login;
175		177
		178	/* If nonzero, remove the DISPLAY environment variable */
		179	static int remove_display;
		180
176	/* If nonzero, change some environment vars to indicate the user su'd to. */	181	/* If nonzero, change some environment vars to indicate the user su'd to. */
177	static int change_environment;	182	static int change_environment;
178		183
Lines 183-188 Link Here
183	{"login", no_argument, NULL, 'l'},	188	{"login", no_argument, NULL, 'l'},
184	{"preserve-environment", no_argument, &change_environment, 0},	189	{"preserve-environment", no_argument, &change_environment, 0},
185	{"shell", required_argument, 0, 's'},	190	{"shell", required_argument, 0, 's'},
		191	{"no-x", no_argument, NULL, 'x'},
186	{GETOPT_HELP_OPTION_DECL},	192	{GETOPT_HELP_OPTION_DECL},
187	{GETOPT_VERSION_OPTION_DECL},	193	{GETOPT_VERSION_OPTION_DECL},
188	{0, 0, 0, 0}	194	{0, 0, 0, 0}
Lines 532-537 Link Here
532	#endif /* !USE_PAM */	538	#endif /* !USE_PAM */
533	}	539	}
534		540
		541	/* Check to see if the DISPLAY environment variable needs to be
		542	cleared */
		543	static void
		544	modify_display ()
		545	{
		546	if (remove_display)
		547	unsetenv ("DISPLAY");
		548	}
		549
535	/* Update `environ' for the new shell based on PW, with SHELL being	550	/* Update `environ' for the new shell based on PW, with SHELL being
536	the value for the SHELL environment variable. */	551	the value for the SHELL environment variable. */
537		552
Lines 539-544 Link Here
539	modify_environment (const struct passwd pw, const char shell)	554	modify_environment (const struct passwd pw, const char shell)
540	{	555	{
541	char *term;	556	char *term;
		557	char *display;
		558	char *xauthority;
542		559
543	#ifdef USE_PAM	560	#ifdef USE_PAM
544	/* Export env variables declared by PAM modules */	561	/* Export env variables declared by PAM modules */
Lines 556-568 Link Here
556		573
557	if (simulate_login)	574	if (simulate_login)
558	{	575	{
559	/* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.	576	/* Leave TERM, DISPLAY, XAUTHORITY unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.
560	Unset all other environment variables. */	577	Unset all other environment variables. */
561	term = getenv ("TERM");	578	term = getenv ("TERM");
		579	display = getenv ("DISPLAY");
		580	xauthority = getenv ("XAUTHORITY");
562	environ = xmalloc (2 * sizeof (char *));	581	environ = xmalloc (2 * sizeof (char *));
563	environ[0] = 0;	582	environ[0] = 0;
564	if (term)	583	if (term)
565	xputenv (concat ("TERM", "=", term));	584	xputenv (concat ("TERM", "=", term));
		585	if (display)
		586	xputenv (concat ("DISPLAY", "=", display));
		587	if (xauthority)
		588	xputenv (concat ("XAUTHORITY", "=", xauthority));
566	xputenv (concat ("HOME", "=", pw->pw_dir));	589	xputenv (concat ("HOME", "=", pw->pw_dir));
567	xputenv (concat ("SHELL", "=", shell));	590	xputenv (concat ("SHELL", "=", shell));
568	xputenv (concat ("USER", "=", pw->pw_name));	591	xputenv (concat ("USER", "=", pw->pw_name));
Lines 805-810 Link Here
805	-m, --preserve-environment do not reset environment variables\n\	828	-m, --preserve-environment do not reset environment variables\n\
806	-p same as -m\n\	829	-p same as -m\n\
807	-s, --shell=SHELL run SHELL if /etc/shells allows it\n\	830	-s, --shell=SHELL run SHELL if /etc/shells allows it\n\
		831	-x, --no-x remove the DISPLAY environment variable\n\
808	"), stdout);	832	"), stdout);
809	fputs (HELP_OPTION_DESCRIPTION, stdout);	833	fputs (HELP_OPTION_DESCRIPTION, stdout);
810	fputs (VERSION_OPTION_DESCRIPTION, stdout);	834	fputs (VERSION_OPTION_DESCRIPTION, stdout);
Lines 840-847 Link Here
840	fast_startup = 0;	864	fast_startup = 0;
841	simulate_login = 0;	865	simulate_login = 0;
842	change_environment = 1;	866	change_environment = 1;
		867	remove_display = 0;
843		868
844	while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, NULL)) != -1)	869	while ((optc = getopt_long (argc, argv, "c:flmps:x", longopts, NULL)) != -1)
845	{	870	{
846	switch (optc)	871	switch (optc)
847	{	872	{
Lines 869-874 Link Here
869	shell = optarg;	894	shell = optarg;
870	break;	895	break;
871		896
		897	case 'x':
		898	remove_display = 1;
		899	break;
		900
872	case_GETOPT_HELP_CHAR;	901	case_GETOPT_HELP_CHAR;
873		902
874	case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);	903	case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
Lines 941-946 Link Here
941	shell = xstrdup (pw->pw_shell);	970	shell = xstrdup (pw->pw_shell);
942	}	971	}
943		972
		973	modify_display ();
		974
944	change_identity (pw);	975	change_identity (pw);
945		976
946	/* Set environment after pam_open_session, which may put	977	/* Set environment after pam_open_session, which may put

Return to bug 57238