Disallow libdialog to be used in setugid applications; it is chock full

of buffer overflows. MFC after: 3 days
author: kris <kris@FreeBSD.org> 2002-10-12 20:32:03 +0000
committer: kris <kris@FreeBSD.org> 2002-10-12 20:32:03 +0000
commit: 2fdf0ba50ed92dcffb1abd09afb959714349ccd0 (patch)
tree: 161204988cfb79e83f43f1dad2cd0d69ce4d3608 /gnu/lib/libdialog
parent: 36889c5b1b7d06ae38920bf7ce1a82c3f02b5fdd (diff)
download: FreeBSD-src-2fdf0ba50ed92dcffb1abd09afb959714349ccd0.zip
FreeBSD-src-2fdf0ba50ed92dcffb1abd09afb959714349ccd0.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/gnu/lib/libdialog/kernel.c b/gnu/lib/libdialog/kernel.c
index c30e478..d81ebfe 100644
--- a/gnu/lib/libdialog/kernel.c
+++ b/gnu/lib/libdialog/kernel.c
@@ -75,11 +75,14 @@
  *	         prove 'interesting' to say the least :-)
  *             Added radiolist option
  *	     - Version 0.4 released.
+ *
+ * $FreeBSD$
  */
 
 #define __DIALOG_MAIN__
 
 #include <dialog.h>
+#include <err.h>
 #include "dialog.priv.h"
 #ifdef HAVE_NCURSES
 #include "colors.h"
@@ -98,6 +101,11 @@ int DialogInputAttrs;
  */
 void init_dialog(void)
 {
+
+  if (issetugid()) {
+	errx(1, "libdialog is unsafe to use in setugid applications");
+  }
+
 #if defined(LOCALE)
   (void) setlocale(LC_ALL, "");
 #endif
author	kris <kris@FreeBSD.org>	2002-10-12 20:32:03 +0000
committer	kris <kris@FreeBSD.org>	2002-10-12 20:32:03 +0000
commit	2fdf0ba50ed92dcffb1abd09afb959714349ccd0 (patch)
tree	161204988cfb79e83f43f1dad2cd0d69ce4d3608 /gnu/lib/libdialog
parent	36889c5b1b7d06ae38920bf7ce1a82c3f02b5fdd (diff)
download	FreeBSD-src-2fdf0ba50ed92dcffb1abd09afb959714349ccd0.zip FreeBSD-src-2fdf0ba50ed92dcffb1abd09afb959714349ccd0.tar.gz