[647] in linux-security and linux-alert archive
[linux-security] environment in general
daemon@ATHENA.MIT.EDU (*Hobbit*)
Sun Mar 31 15:58:20 1996
Date: Sat, 30 Mar 1996 15:50:40 -0500
From: *Hobbit* <hobbit@avian.org>
To: linux-security@tarsier.cv.nrao.edu

I was playing with this the other day with an eye toward better securing
things like "captive" accounts. This also keeps the noise down in "ps -e"
output. Things involved in authentication and privilege [e.g. sliplogin]
may very well want to zorch_env or some equivalent early in the game and
start over...
_H*
==============
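#include <stdio.h>
#include <string.h>
#include <unistd.h>     /* execve */

extern char ** environ;

/* trash the existing environment, and optionally construct a new one.  _H*/
void zorch_env (char ** envp)
{
  int x;

  if (! envp)
    envp = environ;
  if (! envp)
    return;
  for (x = 0; envp[x]; x++) {
    /* blank the start of each string so the old variable no longer shows
       in "ps -e" output; an empty string has no second byte to touch */
    if (*envp[x] != '\0') {
      envp[x][0] = '\0';
      envp[x][1] = '\0';
    }
    envp[x] = NULL;             /* and drop the entry from the array */
  }
#ifdef NEWVARS
/* If you want to construct any new vars, define 'em here.  For example,
   a different shell so people can't shell out of various apps */
  /* x is the number of slots the old array had; slot x must stay NULL,
     so the two new vars go in only if at least two slots exist */
  if (x >= 2) {
    envp[0] = "SHELL=/bin/not-there";
    envp[1] = "FOO=...etc...";
  }
#endif
} /* zorch_env */

/* and example usage: exec something, using any remaining args. */
int main (int argc, char ** argv, char ** envp)
{
  char * p, * q;

  /* without this check argv[1] is NULL, or past the end when argc is 0 */
  if (argc < 2) {
    fputs ("usage: program-to-exec [args]\n", stderr);
    return 1;
  }
  zorch_env (envp);
  q = argv[1];
  p = strrchr (argv[1], '/');
  if (p) {                      /* basename becomes the new argv[0] */
    p++;
    argv[1] = p;
  }
  execve (q, &argv[1], envp);
  fprintf (stderr, "exec %s failed\n", q);
  return 1;                     /* only reached if execve failed */
}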
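
The "start over" half of the idea above, as an added example that is not part of the original post and goes one step further than it: rather than clearing the inherited array in place, it builds a fresh environment from an allowlist and hands that to execve(). The names fresh_env, keep, fixed and sample_env, the allowlisted variables, the PATH value and the value checks are assumptions chosen for illustration; SHELL=/bin/not-there is the value used in the post.

```c
#include <stdlib.h>
#include <string.h>
/* Assumed policy: names a captive program may inherit from its caller. */
static const char *const keep[] = { "TERM", "TZ", "LANG", NULL };
/* Assumed fixed values, installed whatever the caller supplied. */
static const char *const fixed[] = { "PATH=/usr/bin:/bin",
                                     "SHELL=/bin/not-there", NULL };
enum { NKEEP = 3, NFIXED = 2 };
#define SAFE "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" \
             "0123456789._-+@/"
/* Constructed sample of a hostile inherited environment. */
char *sample_env[] = { "LD_PRELOAD=/tmp/x.so", "TERM=vt100",
    "TERM=../../etc/passwd", "TZ=/etc/shadow", "LANG=en_US.UTF-8",
    "IFS=/", NULL };

/* Accept a value only if short, plain, relative and free of "..". */
static int value_ok(const char *v)
{
    size_t len = strlen(v);
    return len > 0 && len < 64 && strspn(v, SAFE) == len
        && v[0] != '/' && strstr(v, "..") == NULL;
}

/* Index into keep[] of the variable this entry sets, or -1 to drop it. */
static int keep_index(const char *entry)
{
    for (int i = 0; keep[i]; i++) {
        size_t n = strlen(keep[i]);
        if (strncmp(entry, keep[i], n) == 0 && entry[n] == '=')
            return value_ok(entry + n + 1) ? i : -1;
    }
    return -1;
}

/* Build a new NULL-terminated environment for execve(); NULL on failure.
   Entries alias the caller's strings; only the first valid occurrence of
   each kept name is copied, so a later duplicate cannot shadow it. */
char **fresh_env(char *const *old)
{
    int seen[NKEEP] = { 0 };
    size_t i, n = 0;
    char **out = calloc(NFIXED + NKEEP + 1, sizeof *out);
    if (!out) return NULL;
    for (i = 0; fixed[i]; i++) out[n++] = (char *)fixed[i];
    for (i = 0; old && old[i]; i++) {
        int k = keep_index(old[i]);
        if (k >= 0 && !seen[k]) { seen[k] = 1; out[n++] = old[i]; }
    }
    return out;                 /* calloc already left out[n] NULL */
}
```

Because the kept entries point into the caller's strings, build the new array and exec with it instead of wiping the old strings in place first.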