security: clear environment

Motivation: https://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/environment-variables.html
author: Richard Ipsum <richardipsum@fastmail.co.uk> 2017-07-30 19:09:01 +0100
committer: Richard Ipsum <richardipsum@fastmail.co.uk> 2017-07-30 19:09:01 +0100
commit: a18b40facef388bb94b3c22ee908e65cbbcdcce6 (patch)
tree: 7eb5532731ef52378eccbf620b13463b86da9d69
parent: 38dfc0477f228d06d952528c91a59a31940b95d7 (diff)
download: supple-a18b40facef388bb94b3c22ee908e65cbbcdcce6.tar.gz
1 files changed, 5 insertions, 6 deletions
diff --git a/src/wrapper.c b/src/wrapper.c
index a8a33da..ff2df91 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -60,18 +60,17 @@ main(int argc, char **argv)
 	prot_args parg;
 	lua_State *L;
 	int success;
+	extern char **environ;
 
 	/* Perform pre-lua-interpreter initialisation */
 #if defined BAKE_SUPPLE_PATHS
+	environ = NULL;	/* security: clear environment */
 	setenv("LUA_PATH", SUPPLE_LUA_PATH, 1);
 	setenv("LUA_CPATH", SUPPLE_LUA_CPATH, 1);
-	unsetenv("SUPPLE_MKDTEMP");
-	unsetenv("LUA_INIT");
 #elif !defined TESTING_SUPPLE
-	unsetenv("LUA_PATH");
-	unsetenv("LUA_CPATH");
-	unsetenv("SUPPLE_MKDTEMP");
-	unsetenv("LUA_INIT");
+	environ = NULL;	/* security: clear environment */
+#else
+	(void)(environ);	/* unused */
 #endif
 	
 	L = luaL_newstate();
author	Richard Ipsum <richardipsum@fastmail.co.uk>	2017-07-30 19:09:01 +0100
committer	Richard Ipsum <richardipsum@fastmail.co.uk>	2017-07-30 19:09:01 +0100
commit	a18b40facef388bb94b3c22ee908e65cbbcdcce6 (patch)
tree	7eb5532731ef52378eccbf620b13463b86da9d69
parent	38dfc0477f228d06d952528c91a59a31940b95d7 (diff)
download	supple-a18b40facef388bb94b3c22ee908e65cbbcdcce6.tar.gz