From 1a15da1619aa0355ef480ddd6ab12d348a558b28 Mon Sep 17 00:00:00 2001 From: nectar Date: Wed, 31 Oct 2001 19:57:35 +0000 Subject: su: Don't use the result of getlogin() to determine whether we are the superuser. Always use getuid() instead. Submitted by: Johan Danielsson --- security/heimdal/files/patch-appl::su::su.c | 46 +++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 security/heimdal/files/patch-appl::su::su.c (limited to 'security/heimdal') diff --git a/security/heimdal/files/patch-appl::su::su.c b/security/heimdal/files/patch-appl::su::su.c new file mode 100644 index 00000000000..1fa71c03819 --- /dev/null +++ b/security/heimdal/files/patch-appl::su::su.c @@ -0,0 +1,46 @@ +--- appl/su/su.c.orig Wed Aug 22 15:35:38 2001 ++++ appl/su/su.c Wed Oct 31 13:14:50 2001 +@@ -152,7 +152,11 @@ + #ifdef KRB5 + krb5_error_code ret; + krb5_principal p; ++ char *login_name = NULL; + ++#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN) ++ login_name = getlogin(); ++#endif + ret = krb5_init_context (&context); + if (ret) { + #if 0 +@@ -161,9 +165,11 @@ + return 1; + } + ++ if (login_name == NULL || strcmp (login_name, "root") == 0) ++ login_name = login_info->pw_name; + if (strcmp (su_info->pw_name, "root") == 0) + ret = krb5_make_principal(context, &p, NULL, +- login_info->pw_name, ++ login_name, + kerberos_instance, + NULL); + else +@@ -282,7 +288,6 @@ + int i, optind = 0; + char *su_user; + struct passwd *su_info; +- char *login_user = NULL; + struct passwd *login_info; + + struct passwd *pwd; +@@ -325,10 +330,6 @@ + if (su_info == NULL) + errx (1, "malloc: out of memory"); + +-#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN) +- login_user = getlogin(); +-#endif +- if(login_user == NULL || (pwd = getpwnam(login_user)) == NULL) + pwd = getpwuid(getuid()); + if(pwd == NULL) + errx(1, "who are you?"); -- cgit