blob: ccb1459fc0062f7a8558db577b9213f433a962f9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
$NetBSD: patch-screen.c,v 1.3 2017/01/25 01:17:16 maya Exp $
Use standard headers.
Don't open user-supplied paths as root.
--- screen.c.orig 2017-01-17 19:28:29.000000000 +0000
+++ screen.c
@@ -88,6 +88,8 @@
# include <langinfo.h>
#endif
+#include <limits.h>
+
#include "screen.h"
#ifdef HAVE_BRAILLE
# include "braille.h"
@@ -674,11 +676,17 @@ int main(int ac, char** av)
if (strlen(screenlogfile) > PATH_MAX)
Panic(0, "-L: logfile name too long. (max. %d char)", PATH_MAX);
+ int issetugid = geteuid() == 0;
+
+ if (issetugid && seteuid(getuid()) < 0)
+ Panic(0, "setuid 1");
FILE *w_check;
if ((w_check = fopen(screenlogfile, "w")) == NULL)
Panic(0, "-L: logfile name access problem");
else
fclose(w_check);
+ if (issetugid && seteuid(0) < 0)
+ Panic(0, "setuid 2");
}
nwin_options.Lflag = 1;
break;
|