user-util: extra paranoia, make sure $SHELL can't be fucked with in suid programs

It's better to be safe than sorry, let's not allow overriding of the
user shell in suid binaries. Similar for $USER.

1 files changed, 2 insertions, 2 deletions

diff --git a/src/basic/user-util.c b/src/basic/user-util.c
index 5f1bd5f5a2..a479590e47 100644
--- a/src/basic/user-util.c
+++ b/src/basic/user-util.c
@@ -80,7 +80,7 @@ char* getlogname_malloc(void) {
 char *getusername_malloc(void) {
         const char *e;
 
-        e = getenv("USER");
+        e = secure_getenv("USER");
         if (e)
                 return strdup(e);
 
@@ -514,7 +514,7 @@ int get_shell(char **_s) {
         assert(_s);
 
         /* Take the user specified one */
-        e = getenv("SHELL");
+        e = secure_getenv("SHELL");
         if (e && path_is_valid(e) && path_is_absolute(e)) {
                 s = strdup(e);
                 if (!s)