diff options
author | imp <imp@FreeBSD.org> | 1997-03-24 06:11:44 +0000 |
---|---|---|
committer | imp <imp@FreeBSD.org> | 1997-03-24 06:11:44 +0000 |
commit | ff12c038efa6945b2598bb5f2d145ba82d294aca (patch) | |
tree | b337ff452cab29b14c0127a76a07815a1e449550 /lib/libc/net | |
parent | 52677342d6bdf6b469d9d1fe0f72db105c3fd8b9 (diff) | |
download | FreeBSD-src-ff12c038efa6945b2598bb5f2d145ba82d294aca.zip FreeBSD-src-ff12c038efa6945b2598bb5f2d145ba82d294aca.tar.gz |
If we're running setuid/setguid then don't open the host alias file to
prevent information leakage.
Closes PR 2578
Submitted by: Julian Assange
Diffstat (limited to 'lib/libc/net')
-rw-r--r-- | lib/libc/net/res_query.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/libc/net/res_query.c b/lib/libc/net/res_query.c index d61d182..9726299 100644 --- a/lib/libc/net/res_query.c +++ b/lib/libc/net/res_query.c @@ -56,7 +56,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)res_query.c 8.1 (Berkeley) 6/4/93"; static char orig_rcsid = "From: Id: res_query.c,v 8.9 1996/09/22 00:13:28 vixie Exp"; -static char rcsid[] = "$Id$"; +static char rcsid[] = "$Id: res_query.c,v 1.12 1997/02/22 15:00:34 peter Exp $"; #endif /* LIBC_SCCS and not lint */ #include <sys/types.h> @@ -358,6 +358,9 @@ hostalias(name) if (_res.options & RES_NOALIASES) return (NULL); + /* XXX issetguid() would be better here, but we don't have that. */ + if (getuid() != geteuid() || getgid() != getegid()) + return (NULL); file = getenv("HOSTALIASES"); if (file == NULL || (fp = fopen(file, "r")) == NULL) return (NULL); |