diff options
| author | imp <imp@FreeBSD.org> | 1997-03-24 06:09:50 +0000 |
|---|---|---|
| committer | imp <imp@FreeBSD.org> | 1997-03-24 06:09:50 +0000 |
| commit | 52677342d6bdf6b469d9d1fe0f72db105c3fd8b9 (patch) | |
| tree | 829a7f0b6f39223e81f431a79bfa08255dd69e78 /lib | |
| parent | 4ea8eab38651fc57371b7bf66f31863f8a23de5a (diff) | |
| download | FreeBSD-src-52677342d6bdf6b469d9d1fe0f72db105c3fd8b9.zip FreeBSD-src-52677342d6bdf6b469d9d1fe0f72db105c3fd8b9.tar.gz | |
Don't open the tz file if we're running setuid or setgid to prevent infomration
leakage.
Submitted by: Julian Assange
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libc/stdtime/localtime.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/libc/stdtime/localtime.c b/lib/libc/stdtime/localtime.c index 3438cc6..031e665 100644 --- a/lib/libc/stdtime/localtime.c +++ b/lib/libc/stdtime/localtime.c @@ -305,8 +305,10 @@ register struct state * const sp; doaccess = TRUE; name = fullname; } - if (doaccess && access(name, R_OK) != 0) - return -1; + /* XXX Should really be issetguid(), but we don't have that */ + if (doaccess && + (getuid() != geteuid() || getgid() != getegid()) ) + return -1; if ((fid = open(name, OPEN_MODE)) == -1) return -1; if ((fstat(fid, &stab) < 0) || !S_ISREG(stab.st_mode)) |
