diff options
author | obrien <obrien@FreeBSD.org> | 1999-05-08 00:46:06 +0000 |
---|---|---|
committer | obrien <obrien@FreeBSD.org> | 1999-05-08 00:46:06 +0000 |
commit | 228630557e264fa21523fca2b99e3adb69518f69 (patch) | |
tree | 8fc4bf3481272909ee2970d66818dd1836a1f400 /usr.bin/finger/finger.c | |
parent | 4f9e07b1eda52b7cb82d30035cc56eb06b2ab297 (diff) | |
download | FreeBSD-src-228630557e264fa21523fca2b99e3adb69518f69.zip FreeBSD-src-228630557e264fa21523fca2b99e3adb69518f69.tar.gz |
Impliment elements of TCP Wrappers's `safe_finger'.
* if run by root (or root process) drop privs
* ensure output size is not infinate (net finger only)
* ensure output lines are not infinate in length (net finger only)
* do not allow finger client to run longer than 3 minutes (net finger only)
Diffstat (limited to 'usr.bin/finger/finger.c')
-rw-r--r-- | usr.bin/finger/finger.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/usr.bin/finger/finger.c b/usr.bin/finger/finger.c index 091ac16..8a2cb2b 100644 --- a/usr.bin/finger/finger.c +++ b/usr.bin/finger/finger.c @@ -55,7 +55,7 @@ static char copyright[] = static char sccsid[] = "@(#)finger.c 8.5 (Berkeley) 5/4/95"; #else static const char rcsid[] = - "$Id$"; + "$Id: finger.c,v 1.12 1997/07/02 06:34:48 charnier Exp $"; #endif #endif /* not lint */ @@ -154,6 +154,17 @@ main(argc, argv) { int envargc, argcnt; char *envargv[3]; + struct passwd *pw; + + if (getuid() == 0 || geteuid() == 0) { + if ((pw = getpwnam(UNPRIV_NAME)) && pw->pw_uid > 0) { + setgid(pw->pw_gid); + setuid(pw->pw_uid); + } else { + setgid(UNPRIV_UGID); + setuid(UNPRIV_UGID); + } + } (void) setlocale(LC_ALL, ""); |