From a18b40facef388bb94b3c22ee908e65cbbcdcce6 Mon Sep 17 00:00:00 2001
From: Richard Ipsum <richardipsum@fastmail.co.uk>
Date: Sun, 30 Jul 2017 19:09:01 +0100
Subject: security: clear environment

Motivation: https://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/environment-variables.html
---
 src/wrapper.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/wrapper.c b/src/wrapper.c
index a8a33da..ff2df91 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -60,18 +60,17 @@ main(int argc, char **argv)
 	prot_args parg;
 	lua_State *L;
 	int success;
+	extern char **environ;
 
 	/* Perform pre-lua-interpreter initialisation */
 #if defined BAKE_SUPPLE_PATHS
+	environ = NULL;	/* security: clear environment */
 	setenv("LUA_PATH", SUPPLE_LUA_PATH, 1);
 	setenv("LUA_CPATH", SUPPLE_LUA_CPATH, 1);
-	unsetenv("SUPPLE_MKDTEMP");
-	unsetenv("LUA_INIT");
 #elif !defined TESTING_SUPPLE
-	unsetenv("LUA_PATH");
-	unsetenv("LUA_CPATH");
-	unsetenv("SUPPLE_MKDTEMP");
-	unsetenv("LUA_INIT");
+	environ = NULL;	/* security: clear environment */
+#else
+	(void)(environ);	/* unused */
 #endif
 	
 	L = luaL_newstate();
-- 
cgit v1.2.1