From owner-freebsd-audit  Sun Aug 19 12:11:23 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from coffee.q9media.com (coffee.q9media.com [216.94.229.19])
	by hub.freebsd.org (Postfix) with ESMTP id CC70237B412
	for <audit@FreeBSD.org>; Sun, 19 Aug 2001 12:11:20 -0700 (PDT)
	(envelope-from mike@coffee.q9media.com)
Received: (from mike@localhost)
	by coffee.q9media.com (8.11.2/8.11.3) id f7JJXQ849201;
	Sun, 19 Aug 2001 15:33:26 -0400 (EDT)
	(envelope-from mike)
Date: Sun, 19 Aug 2001 15:33:26 -0400
From: Mike Barcroft <mike@FreeBSD.org>
To: Kris Kennaway <kris@obsecurity.org>
Cc: audit@FreeBSD.org
Subject: Re: Checking issetugid() with getenv() in libraries
Message-ID: <20010819153326.B49129@coffee.q9media.com>
Mail-Followup-To: Mike Barcroft <mike@FreeBSD.org>,
	Kris Kennaway <kris@obsecurity.org>, audit@FreeBSD.org
References: <20010818221258.A79194@xor.obsecurity.org> <20010818222846.B79436@xor.obsecurity.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010818222846.B79436@xor.obsecurity.org>; from kris@obsecurity.org on Sat, Aug 18, 2001 at 10:28:46PM -0700
Organization: The FreeBSD Project
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-audit.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-audit>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-audit>
X-Loop: FreeBSD.ORG

Kris Kennaway <kris@obsecurity.org> writes:
> Another one:
> 
> Index: ./libdialog/rc.c
> ===================================================================
> RCS file: /mnt/ncvs/src/gnu/lib/libdialog/rc.c,v
> retrieving revision 1.2
> diff -u -r1.2 rc.c
> --- ./libdialog/rc.c	1994/10/20 21:56:43	1.2
> +++ ./libdialog/rc.c	2001/08/19 05:27:47
> @@ -103,12 +103,12 @@
>     *
>     */
>  
> -  if ((tempptr = getenv("DIALOGRC")) != NULL)
> +  if (issetugid() == 0 && (tempptr = getenv("DIALOGRC")) != NULL)
>      rc_file = fopen(tempptr, "rt");
>  
>    if (tempptr == NULL || rc_file == NULL) {    /* step (a) failed? */
>      /* try step (b) */
> -    if ((tempptr = getenv("HOME")) == NULL)
> +    if (issetugid() != 0 || (tempptr = getenv("HOME")) == NULL)
>        return 0;    /* step (b) failed, use default values */
>  
>      if (tempptr[0] == '\0' || lastch(tempptr) == '/')

Same problem here as well, unless tempptr is initialized to NULL above
this.

Best regards,
Mike Barcroft

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message