hotplug-dispatch: fix filter disallowing setting PATH
Due to a bug in hotplug-dispatch, the PATH env variable wasn't
filtered, allowing authrorized callers the execution of commands
via PATH environment variable filter bypass.
Replace the call to strcmp with strncmp and limit the comparision
to 5 characters to account for each character in "PATH=".
Fixes: TOB-OWRT-4
Fixes: 08938fe ("procd: add hotplug-call dispatcher")
Reported-by: Trail of Bits (@trailofbits)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
projects / project / procd.git / commit