- (dtucker) [sshd.c] Bug #757: Clear child's environment to prevent

   accidentally inheriting from root's environment.  ok djm@

2 files changed, 9 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index 7ce9e023..4db09761 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,8 @@
  - (dtucker) [configure.ac] Bug #748: Always define BROKEN_GETADDRINFO
    for HP-UX 11.11.  If there are known-good configs where this is not
    required, please report them.  ok djm@
+ - (dtucker) [sshd.c] Bug #757: Clear child's environment to prevent
+   accidentally inheriting from root's environment.  ok djm@
 
 20040129
  - (dtucker) OpenBSD CVS Sync regress/
@@ -1792,4 +1794,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3208 2004/02/06 04:59:06 dtucker Exp $
+$Id: ChangeLog,v 1.3209 2004/02/06 05:04:08 dtucker Exp $
diff --git a/sshd.c b/sshd.c
index ab029b00..ebb44db7 100644
--- a/sshd.c
+++ b/sshd.c
@@ -101,6 +101,7 @@ extern char *__progname;
 #else
 char *__progname;
 #endif
+extern char **environ;
 
 /* Server configuration options. */
 ServerOptions options;
@@ -1101,6 +1102,11 @@ main(int ac, char **av)
 	   unmounted if desired. */
 	chdir("/");
 
+#ifndef HAVE_CYGWIN
+	/* Clear environment */
+	environ[0] = NULL;
+#endif
+
 	/* ignore SIGPIPE */
 	signal(SIGPIPE, SIG_IGN);