Hardcoding Prog to known value

See #959. We now set Prog (program name) based on hardcoded value instead
of argv[0]. This is to help prevent escape sequence injection.
This commit is contained in:
Skyler Ferrante
2024-03-03 00:54:05 -05:00
committed by Alejandro Colomar
parent d13844408c
commit e6c2e43937
37 changed files with 85 additions and 171 deletions
+1 -5
View File
@@ -23,7 +23,7 @@
/*
* Global variables
*/
const char *Prog;
static const char Prog[] = "groups";
/* local function prototypes */
static void print_groups (const char *member);
@@ -97,10 +97,6 @@ int main (int argc, char **argv)
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);
/*
* Get the program name so that error messages can use it.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog);
log_set_logfd(stderr);