remove security hole in e_start_main

if a file called ~/.e-mtrack existed then during startup the launcher would read the first line of this file and set LD_PRELOAD to that value CID 1039785
2016-02-29 08:23:59 -05:00 · 2016-02-29 08:23:59 -05:00 · cf0d1eba9c
parent 51365e879e
commit cf0d1eba9c
1 changed files with 4 additions and 4 deletions
--- a/src/bin/e_start_main.c
+++ b/src/bin/e_start_main.c
@ -613,13 +613,13 @@ main(int argc, char **argv)
     }
   putchar('\n');

-   /* mtrack memory tracker support */
   home = getenv("HOME");
   if (home)
     {
-        FILE *f;
        const char *tmps;
-
+#if 0
+        FILE *f;
+        /* mtrack memory tracker support */
        /* if you have ~/.e-mtrack, then the tracker will be enabled
         * using the content of this file as the path to the mtrack.so
         * shared object that is the mtrack preload */
@ -643,7 +643,7 @@ main(int argc, char **argv)
               }
             fclose(f);
          }
-
+#endif
        tmps = getenv("XDG_DATA_HOME");
        if (tmps)
          snprintf(buf, sizeof(buf), "%s/Applications/.bin", tmps);