authorkris <kris@FreeBSD.org>2002-10-12 20:32:03 +0000
committerkris <kris@FreeBSD.org>2002-10-12 20:32:03 +0000
commit2fdf0ba50ed92dcffb1abd09afb959714349ccd0 (patch)
tree161204988cfb79e83f43f1dad2cd0d69ce4d3608 /gnu
parent36889c5b1b7d06ae38920bf7ce1a82c3f02b5fdd (diff)
Disallow the use of libdialog in setugid applications; it is chock full
of buffer overflows.
MFC after: 3 days
Diffstat (limited to 'gnu')
-rw-r--r--gnu/lib/libdialog/kernel.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/gnu/lib/libdialog/kernel.c b/gnu/lib/libdialog/kernel.c
index c30e478..d81ebfe 100644
--- a/gnu/lib/libdialog/kernel.c
+++ b/gnu/lib/libdialog/kernel.c
@@ -75,11 +75,14 @@
* prove 'interesting' to say the least :-)
* Added radiolist option
* - Version 0.4 released.
+ *
+ * $FreeBSD$
*/
#define __DIALOG_MAIN__
#include <dialog.h>
+#include <err.h>
#include "dialog.priv.h"
#ifdef HAVE_NCURSES
#include "colors.h"
@@ -98,6 +101,11 @@ int DialogInputAttrs;
*/
void init_dialog(void)
{
+
+ if (issetugid()) {
+ errx(1, "libdialog is unsafe to use in setugid applications");
+ }
+
#if defined(LOCALE)
(void) setlocale(LC_ALL, "");
#endif
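Review bot: The setugid guard sits only at the top of init_dialog(), so it protects callers that enter the library through this function; whether every exported libdialog routine requires init_dialog() first cannot be seen from this hunk, and any that do not would still run in a setugid process. A short comment above the check would record the intent and the fail-closed behaviour, for example `/* Refuse to run in a setugid process: exits via errx(); issetugid() remains true even after the caller drops privileges. */`. The commit adds `#include <err.h>` for errx() but no header for issetugid(); if `dialog.h` or `dialog.priv.h` do not already pull in `<unistd.h>`, add `#include <unistd.h>` so the call is not implicitly declared. init_dialog's body continues past the end of the hunk.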