Don't open the tz file if we're running setuid or setgid to prevent infomration

leakage. Submitted by: Julian Assange
author: imp <imp@FreeBSD.org> 1997-03-24 06:09:50 +0000
committer: imp <imp@FreeBSD.org> 1997-03-24 06:09:50 +0000
commit: 52677342d6bdf6b469d9d1fe0f72db105c3fd8b9 (patch)
tree: 829a7f0b6f39223e81f431a79bfa08255dd69e78 /lib/libc/stdtime
parent: 4ea8eab38651fc57371b7bf66f31863f8a23de5a (diff)
download: FreeBSD-src-52677342d6bdf6b469d9d1fe0f72db105c3fd8b9.zip
FreeBSD-src-52677342d6bdf6b469d9d1fe0f72db105c3fd8b9.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/libc/stdtime/localtime.c b/lib/libc/stdtime/localtime.c
index 3438cc6..031e665 100644
--- a/lib/libc/stdtime/localtime.c
+++ b/lib/libc/stdtime/localtime.c
@@ -305,8 +305,10 @@ register struct state * const	sp;
 				doaccess = TRUE;
 			name = fullname;
 		}
-		if (doaccess && access(name, R_OK) != 0)
-			return -1;
+		/* XXX Should really be issetguid(), but we don't have that */
+		if (doaccess && 
+			(getuid() != geteuid() || getgid() != getegid()) )
+		     	return -1;
 		if ((fid = open(name, OPEN_MODE)) == -1)
 			return -1;
 		if ((fstat(fid, &stab) < 0) || !S_ISREG(stab.st_mode))
author	imp <imp@FreeBSD.org>	1997-03-24 06:09:50 +0000
committer	imp <imp@FreeBSD.org>	1997-03-24 06:09:50 +0000
commit	52677342d6bdf6b469d9d1fe0f72db105c3fd8b9 (patch)
tree	829a7f0b6f39223e81f431a79bfa08255dd69e78 /lib/libc/stdtime
parent	4ea8eab38651fc57371b7bf66f31863f8a23de5a (diff)
download	FreeBSD-src-52677342d6bdf6b469d9d1fe0f72db105c3fd8b9.zip FreeBSD-src-52677342d6bdf6b469d9d1fe0f72db105c3fd8b9.tar.gz