Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 80eb3c0

Browse files
gvanrossumgvanrossum
committed
Zap all env vars beginning with PYTHON to prevent an obvious form of attack.
1 parent b5dc5e3 commit 80eb3c0

1 file changed

Lines changed: 2 additions & 0 deletions

File tree

Misc/setuid-prog.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -105,6 +105,8 @@ clean_environ(void)
105105
**p = 'X';
106106
else if (strncmp(*p, "_RLD", 4) == 0)
107107
**p = 'X';
108+
else if (strncmp(*p, "PYTHON", 6) == 0)
109+
**p = 'X';
108110
else if (strncmp(*p, "IFS=", 4) == 0)
109111
*p = def_IFS;
110112
else if (strncmp(*p, "CDPATH=", 7) == 0)

0 commit comments

Comments
 (0)