Impliment elements of TCP Wrappers's `safe_finger'.

* if run by root (or root process) drop privs * ensure output size is not infinate (net finger only) * ensure output lines are not infinate in length (net finger only) * do not allow finger client to run longer than 3 minutes (net finger only)
author: obrien <obrien@FreeBSD.org> 1999-05-08 00:46:06 +0000
committer: obrien <obrien@FreeBSD.org> 1999-05-08 00:46:06 +0000
commit: 228630557e264fa21523fca2b99e3adb69518f69 (patch)
tree: 8fc4bf3481272909ee2970d66818dd1836a1f400 /usr.bin/finger/finger.c
parent: 4f9e07b1eda52b7cb82d30035cc56eb06b2ab297 (diff)
download: FreeBSD-src-228630557e264fa21523fca2b99e3adb69518f69.zip
FreeBSD-src-228630557e264fa21523fca2b99e3adb69518f69.tar.gz
1 files changed, 12 insertions, 1 deletions
diff --git a/usr.bin/finger/finger.c b/usr.bin/finger/finger.c
index 091ac16..8a2cb2b 100644
--- a/usr.bin/finger/finger.c
+++ b/usr.bin/finger/finger.c
@@ -55,7 +55,7 @@ static char copyright[] =
 static char sccsid[] = "@(#)finger.c	8.5 (Berkeley) 5/4/95";
 #else
 static const char rcsid[] =
-	"$Id$";
+	"$Id: finger.c,v 1.12 1997/07/02 06:34:48 charnier Exp $";
 #endif
 #endif /* not lint */
 
@@ -154,6 +154,17 @@ main(argc, argv)
 {
 	int envargc, argcnt;
 	char *envargv[3];
+	struct passwd *pw;
+
+	if (getuid() == 0 || geteuid() == 0) {
+		if ((pw = getpwnam(UNPRIV_NAME)) && pw->pw_uid > 0) {
+			 setgid(pw->pw_gid);
+			 setuid(pw->pw_uid);
+		} else {
+			 setgid(UNPRIV_UGID);
+			 setuid(UNPRIV_UGID);
+		}
+	}
 
 	(void) setlocale(LC_ALL, "");
author	obrien <obrien@FreeBSD.org>	1999-05-08 00:46:06 +0000
committer	obrien <obrien@FreeBSD.org>	1999-05-08 00:46:06 +0000
commit	228630557e264fa21523fca2b99e3adb69518f69 (patch)
tree	8fc4bf3481272909ee2970d66818dd1836a1f400 /usr.bin/finger/finger.c
parent	4f9e07b1eda52b7cb82d30035cc56eb06b2ab297 (diff)
download	FreeBSD-src-228630557e264fa21523fca2b99e3adb69518f69.zip FreeBSD-src-228630557e264fa21523fca2b99e3adb69518f69.tar.gz