The install-debuginfo C wrapper which is run by a non-root user
clears the whole environment. However, since the installer
asks for user input by the use of an environment variable,
we have to create a whitelist of variables to keep when doing
the environment purge.

Signed-off-by: Petr Kubat <pkubat-H+wXaHxf7aLQT0dZR+***@public.gmane.org>
---
.../abrt-action-install-debuginfo-to-abrt-cache.c | 28 ++++++++++++++++++++++
1 file changed, 28 insertions(+)

diff --git a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
index 60ac5c9..53be57a 100644
--- a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
+++ b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
@@ -70,7 +70,35 @@ int main(int argc, char **argv)
// We forgot to sanitize PYTHONPATH. And who knows what else we forgot
// (especially considering *future* new variables of this kind).
// We switched to clearing entire environment instead:
+
+ // However since we communicate through environment variables
+ // we have to keep a whitelist of variables to keep.
+ static const char *whitelist[] = {
+ "REPORT_CLIENT_SLAVE" // Check if the app is being run as a slave
+ };
+ int wlsize = sizeof(whitelist)/sizeof(char*);
+ char *setlist[wlsize];
+ char *p = NULL;
+ for (int i = 0; i < wlsize; i++) {
+ if ((p = getenv(whitelist[i])) != NULL) {
+ setlist[i] = malloc(strlen(p)*sizeof(char*));
+ setlist[i] = strncpy(setlist[i], p, strlen(p));
+ }
+ else
+ setlist[i] = NULL;
+ }
+ // Now we can clear the environment
clearenv();
+ // And once again set whitelisted variables
+ for (int i = 0; i < wlsize; i++) {
+ if (setlist[i] != NULL) {
+ int slsize = sizeof(setlist)/sizeof(char*);
+ char buffer[slsize+wlsize+1];
+ sprintf(buffer, "%s=%s", whitelist[i], setlist[i]);
+ putenv(buffer);
+ free(setlist[i]);
+ }
+ }
#else
/* Clear dangerous stuff from env */
static const char forbid[] =