Zap all env vars beginning with PYTHON to prevent an obvious form of attack.

author Guido van Rossum <guido@python.org>

Tue, 11 Mar 1997 18:24:21 +0000 (18:24 +0000)

committer Guido van Rossum <guido@python.org>

Tue, 11 Mar 1997 18:24:21 +0000 (18:24 +0000)
author Guido van Rossum <guido@python.org>
Tue, 11 Mar 1997 18:24:21 +0000 (18:24 +0000)
committer Guido van Rossum <guido@python.org>
Tue, 11 Mar 1997 18:24:21 +0000 (18:24 +0000)
diff --git a/Misc/setuid-prog.c b/Misc/setuid-prog.c

index 6f25493cca9f6d2d7e5ae129ba55fcbccc9a7876..b49438a1c6705f80fe70fb10d97a94d73291bbbf 100644 (file)
--- a/Misc/setuid-prog.c
+++ b/Misc/setuid-prog.c
@@ -105,6 +105,8 @@ clean_environ(void)
                         **p = 'X';
                 else if (strncmp(*p, "_RLD", 4) == 0)
                         **p = 'X';
+               else if (strncmp(*p, "PYTHON", 6) == 0)
+                       **p = 'X';
                 else if (strncmp(*p, "IFS=", 4) == 0)
                         *p = def_IFS;
                 else if (strncmp(*p, "CDPATH=", 7) == 0)
author	Guido van Rossum <guido@python.org>
	Tue, 11 Mar 1997 18:24:21 +0000 (18:24 +0000)
committer	Guido van Rossum <guido@python.org>
	Tue, 11 Mar 1997 18:24:21 +0000 (18:24 +0000)