Changed wrapper environment cleaning from blacklist to whitelist.

2 files changed, 28 insertions, 9 deletions

diff --git a/NEWS b/NEWS
index 934ed640..eff16f51 100644
--- a/NEWS
+++ b/NEWS
@@ -21,6 +21,9 @@ Here is a history of user visible changes to Mailman.
 
   Bug fixes and other patches
 
+    - Changed the SETGID wrappers to only pass those items in the environment
+      that are needed by the called scripts.  (LP: #1705736)
+
     - Fixed MTA/Postfix.py to ensure that created aliases(.db) and
       virtual-mailman(.db) files are readable by Postfix and the .db files are
       owned by the Mailman user.  (LP: #1696066)
diff --git a/src/common.c b/src/common.c
index 62ed7657..94418892 100644
--- a/src/common.c
+++ b/src/common.c
@@ -162,20 +162,36 @@ check_caller(const char* ident, const char* parentgroup)
 
 
 
-/* list of environment variables which are removed from the given
+/* list of environment variables which are kept in the given
  * environment.  Some may or may not be hand crafted and passed into
  * the execv'd environment.
  *
  * TBD: The logic of this should be inverted.  IOW, we should audit the
  * Mailman CGI code for those environment variables that are used, and
- * specifically white list them, removing all other variables.  John Viega
+ * specifically white list them, removing all other variables.
+ * MAS: This is now done.
+ *
+ * John Viega
  * also suggests imposing a maximum size just in case Python doesn't handle
  * them right (which it should because Python strings have no hard limits).
  */
-static char* killenvars[] = {
-        "PYTHONPATH=",
-        "PYTHONHOME=",
-        "PATH=",
+static char* keepenvars[] = {
+        "CONTENT_TYPE=",
+        "HOST=",
+        "HTTP_COOKIE=",
+        "HTTP_FORWARDED_FOR=",
+        "HTTP_HOST=",
+        "HTTP_X_FORWARDED_FOR=",
+        "LOGNAME=",
+        "PATH_INFO=",
+        "QUERY_STRING=",
+        "REMOTE_ADDR=",
+        "REQUEST_METHOD=",
+        "REQUEST_URI=",
+        "SCRIPT_NAME=",
+        "SERVER_NAME=",
+        "SERVER_PORT=",
+        "USER=",
         NULL
 };
 
@@ -232,11 +248,11 @@ run_script(const char* script, int argc, char** argv, char** env)
 
         /* filter out any troublesome environment variables */
         for (i = 0, j = 0; i < envcnt; i++) {
-                char** k = &killenvars[0];
-                int keep = 1;
+                char** k = &keepenvars[0];
+                int keep = 0;
                 while (*k) {
                         if (!strncmp(*k, env[i], strlen(*k))) {
-                                keep = 0;
+                                keep = 1;
                                 break;
                         }
                         *k++;