diff options
author | nectar <nectar@FreeBSD.org> | 2001-11-01 03:57:35 +0800 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2001-11-01 03:57:35 +0800 |
commit | 1a15da1619aa0355ef480ddd6ab12d348a558b28 (patch) | |
tree | 70a23465112cf8d9f869858765d6bec986bb0d65 /security/heimdal | |
parent | dc41b47a7af69a085db87c7f8026ab3bae305e45 (diff) | |
download | freebsd-ports-graphics-1a15da1619aa0355ef480ddd6ab12d348a558b28.tar.gz freebsd-ports-graphics-1a15da1619aa0355ef480ddd6ab12d348a558b28.tar.zst freebsd-ports-graphics-1a15da1619aa0355ef480ddd6ab12d348a558b28.zip |
su: Don't use the result of getlogin() to determine whether we are the
superuser. Always use getuid() instead.
Submitted by: Johan Danielsson <joda@pdc.kth.se>
Diffstat (limited to 'security/heimdal')
-rw-r--r-- | security/heimdal/files/patch-appl::su::su.c | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/security/heimdal/files/patch-appl::su::su.c b/security/heimdal/files/patch-appl::su::su.c new file mode 100644 index 00000000000..1fa71c03819 --- /dev/null +++ b/security/heimdal/files/patch-appl::su::su.c @@ -0,0 +1,46 @@ +--- appl/su/su.c.orig Wed Aug 22 15:35:38 2001 ++++ appl/su/su.c Wed Oct 31 13:14:50 2001 +@@ -152,7 +152,11 @@ + #ifdef KRB5 + krb5_error_code ret; + krb5_principal p; ++ char *login_name = NULL; + ++#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN) ++ login_name = getlogin(); ++#endif + ret = krb5_init_context (&context); + if (ret) { + #if 0 +@@ -161,9 +165,11 @@ + return 1; + } + ++ if (login_name == NULL || strcmp (login_name, "root") == 0) ++ login_name = login_info->pw_name; + if (strcmp (su_info->pw_name, "root") == 0) + ret = krb5_make_principal(context, &p, NULL, +- login_info->pw_name, ++ login_name, + kerberos_instance, + NULL); + else +@@ -282,7 +288,6 @@ + int i, optind = 0; + char *su_user; + struct passwd *su_info; +- char *login_user = NULL; + struct passwd *login_info; + + struct passwd *pwd; +@@ -325,10 +330,6 @@ + if (su_info == NULL) + errx (1, "malloc: out of memory"); + +-#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN) +- login_user = getlogin(); +-#endif +- if(login_user == NULL || (pwd = getpwnam(login_user)) == NULL) + pwd = getpwuid(getuid()); + if(pwd == NULL) + errx(1, "who are you?"); |