From 0150f21be9739ad3fc8d5ce7cee2a2ff4a09326f Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Wed, 22 Aug 2018 11:43:32 +0200
Subject: [PATCH] setpriv: add --reset-env

Clear environment in way like su(1), but PATH is set to hard-coded
defaults and /etc/login.defs is not used at all (I guess we want to
keep setpriv(1) simple).

If you need anything more advanced than use env(1).

Addresses: https://github.com/karelzak/util-linux/issues/325
Signed-off-by: Karel Zak <kzak@redhat.com>
---
 sys-utils/setpriv.1 |  9 ++++++++
 sys-utils/setpriv.c | 54 ++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 62 insertions(+), 1 deletion(-)

diff --git a/sys-utils/setpriv.1 b/sys-utils/setpriv.1
index b900f6e08..45bc5a23b 100644
--- a/sys-utils/setpriv.1
+++ b/sys-utils/setpriv.1
@@ -159,6 +159,15 @@ to abort if AppArmor is not in use, and the transition may be ignored or cause
 .BR execve (2)
 to fail at AppArmor's whim.
 .TP
+.BI \-\-reset\-env
+Clears all the environment variables except TERM; initializes the environment variables HOME, SHELL, USER, LOGNAME
+according to the user's passwd entry; sets PATH to \fI/usr/local/bin:/bin:/usr/bin\fR for a regual user and to
+\fI/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\fR for root.
+.sp
+The environment variable PATH may be different on systems where /bin and /sbin
+are merged into /usr.  The environment variable SHELL defaults to \fI/bin/sh\fR if none is given in the user's
+passwd entry.
+.TP
 .BR \-V , " \-\-version"
 Display version information and exit.
 .TP
diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c
index 4147978cc..30f8f9b15 100644
--- a/sys-utils/setpriv.c
+++ b/sys-utils/setpriv.c
@@ -38,6 +38,7 @@
 #include "strutils.h"
 #include "xalloc.h"
 #include "pathnames.h"
+#include "env.h"
 
 #ifndef PR_SET_NO_NEW_PRIVS
 # define PR_SET_NO_NEW_PRIVS 38
@@ -55,6 +56,9 @@
 
 #define SETPRIV_EXIT_PRIVERR 127	/* how we exit when we fail to set privs */
 
+/* The shell to set SHELL env.variable if none is given in the user's passwd entry.  */
+#define DEFAULT_SHELL "/bin/sh"
+
 enum cap_type {
 	CAP_TYPE_EFFECTIVE   = CAPNG_EFFECTIVE,
 	CAP_TYPE_PERMITTED   = CAPNG_PERMITTED,
@@ -82,6 +86,7 @@ struct privctx {
 		keep_groups:1,		/* keep groups */
 		clear_groups:1,		/* remove groups */
 		init_groups:1,		/* initialize groups */
+		reset_env:1,		/* reset environment */
 		have_securebits:1;	/* remove groups */
 
 	/* uids and gids */
@@ -137,6 +142,8 @@ static void __attribute__((__noreturn__)) usage(void)
 	fputs(_(" --securebits <bits>         set securebits\n"), out);
 	fputs(_(" --selinux-label <label>     set SELinux label\n"), out);
 	fputs(_(" --apparmor-profile <pr>     set AppArmor profile\n"), out);
+	fputs(_(" --reset-env                 clear all environment and initialize\n"
+		"                               HOME, SHELL, USER, LOGNAME and PATH\n"), out);
 
 	fputs(USAGE_SEPARATOR, out);
 	printf(USAGE_HELP_OPTIONS(29));
@@ -643,6 +650,36 @@ static void do_apparmor_profile(const char *label)
 		    _("write failed: %s"), _PATH_PROC_ATTR_EXEC);
 }
 
+
+static void do_reset_environ(struct passwd *pw)
+{
+	char *term = getenv("TERM");
+
+	if (term)
+		term = xstrdup(term);
+#ifdef HAVE_CLEARENV
+	clearenv();
+#else
+	environ = NULL;
+#endif
+	if (term)
+		xsetenv("TERM", term, 1);
+
+	if (pw->pw_shell && *pw->pw_shell)
+		xsetenv("SHELL", pw->pw_shell, 1);
+	else
+		xsetenv("SHELL", DEFAULT_SHELL, 1);
+
+	xsetenv("HOME", pw->pw_dir, 1);
+	xsetenv("USER", pw->pw_name, 1);
+	xsetenv("LOGNAME", pw->pw_name, 1);
+
+	if (pw->pw_uid)
+		xsetenv("PATH", _PATH_DEFPATH, 1);
+	else
+		xsetenv("PATH", _PATH_DEFPATH_ROOT, 1);
+}
+
 static uid_t get_user(const char *s, const char *err)
 {
 	struct passwd *pw;
@@ -712,7 +749,8 @@ int main(int argc, char **argv)
 		CAPBSET,
 		SECUREBITS,
 		SELINUX_LABEL,
-		APPARMOR_PROFILE
+		APPARMOR_PROFILE,
+		RESET_ENV
 	};
 
 	static const struct option longopts[] = {
@@ -737,6 +775,7 @@ int main(int argc, char **argv)
 		{ "selinux-label",    required_argument, NULL, SELINUX_LABEL    },
 		{ "apparmor-profile", required_argument, NULL, APPARMOR_PROFILE },
 		{ "help",             no_argument,       NULL, 'h'              },
+		{ "reset-env",        no_argument,       NULL, RESET_ENV,       },
 		{ "version",          no_argument,       NULL, 'V'              },
 		{ NULL, 0, NULL, 0 }
 	};
@@ -883,6 +922,9 @@ int main(int argc, char **argv)
 				     _("duplicate --apparmor-profile option"));
 			opts.apparmor_profile = optarg;
 			break;
+		case RESET_ENV:
+			opts.reset_env = 1;
+			break;
 		case 'h':
 			usage();
 		case 'V':
@@ -928,6 +970,16 @@ int main(int argc, char **argv)
 		       "can be found on the system"),
 		     (long) opts.ruid);
 
+	if (opts.reset_env) {
+		if (opts.have_passwd)
+			/* pwd according to --ruid or --reuid */
+			pw = &opts.passwd;
+		else
+			/* pwd for the current user */
+			pw = getpwuid(getuid());
+		do_reset_environ(pw);
+	}
+
 	if (opts.nnp && prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1)
 		err(EXIT_FAILURE, _("disallow granting new privileges failed"));
 
-- 
2.30.2