From: "Jacques A. Vidrine"
To: Kris Kennaway
Cc: audit@FreeBSD.org
Date: Sun, 19 Aug 2001 16:08:02 -0500
Subject: Re: Checking issetugid() with getenv() in libraries
Message-ID: <20010819160801.A84442@hellblazer.nectar.com>
In-Reply-To: <20010818221258.A79194@xor.obsecurity.org>; from kris@obsecurity.org on Sat, Aug 18, 2001 at 10:12:58PM -0700

I think this is introducing a few uninitialized pointer bugs. For example, in this chunk it is clear we're going to crash.

Of course, this particular chunk is probably wrong in other ways -- if you don't want to look at HOME, I guess you'll need to use getpwuid().

> diff -u -r1.3 ncpl_rcfile.c > --- libncp/ncpl_rcfile.c 2000/05/26 02:00:20 1.3 > +++ libncp/ncpl_rcfile.c 2001/08/19 04:52:39 > @@ -390,7 +390,8 @@ > char *home, *fn; > int error; > > - home = getenv("HOME"); > + if (issetugid() == 0) > + home = getenv("HOME"); > if (home) { > fn = malloc(strlen(home) + 20); > sprintf(fn, "%s/.nwfsrc", home);

Cheers,
--
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org
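
Review bot: `home` is assigned only inside the new `if (issetugid() == 0)` branch, so in a set-user-ID or set-group-ID process the following `if (home)` tests an uninitialized pointer and `strlen(home)` may dereference it. Declare it as `char *home = NULL, *fn;` or add `else home = NULL;` so the privileged case skips the per-user file cleanly instead of relying on stack contents. Separately, the context lines pass the result of `malloc(strlen(home) + 20)` to `sprintf` without a NULL check, which is worth fixing while this code is being touched.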