diff options
| author | imp <imp@FreeBSD.org> | 1997-08-27 05:27:53 +0000 |
|---|---|---|
| committer | imp <imp@FreeBSD.org> | 1997-08-27 05:27:53 +0000 |
| commit | 4e4e5cd87be2aa1eed80d99eb6f8b865742d4bfb (patch) | |
| tree | 1429cee299257c93166e90c2509a0038ecf2fde3 /lib/libc/gen/glob.c | |
| parent | 7dbdc70f843254b098431db944bb90e43fd6c8e3 (diff) | |
| download | FreeBSD-src-4e4e5cd87be2aa1eed80d99eb6f8b865742d4bfb.zip FreeBSD-src-4e4e5cd87be2aa1eed80d99eb6f8b865742d4bfb.tar.gz | |
Don't getenv(HOME) when set[ug]od. This can lead to a buffer overflow and
elevated privs.
Obtained from: OpenBSD
Diffstat (limited to 'lib/libc/gen/glob.c')
| -rw-r--r-- | lib/libc/gen/glob.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/libc/gen/glob.c b/lib/libc/gen/glob.c index f58fd8d..0c6fe5d 100644 --- a/lib/libc/gen/glob.c +++ b/lib/libc/gen/glob.c @@ -358,10 +358,11 @@ globtilde(pattern, patbuf, patbuf_len, pglob) if (((char *) patbuf)[0] == EOS) { /* - * handle a plain ~ or ~/ by expanding $HOME - * first and then trying the password file + * handle a plain ~ or ~/ by expanding $HOME first (iff + * we're not running setuid or setgid) and then trying + * the password file */ - if ((h = getenv("HOME")) == NULL) { + if (issetugid() != 0 || (h = getenv("HOME")) == NULL) { if ((pwd = getpwuid(getuid())) == NULL) return pattern; else |
