If sysinstall was used to configure an anonymous FTP area, it was

possible for information to be copied from the group file to the group
file in the FTP area.  This patch based on a patch from Zak Johnson
<zakj at nox dot cx>.

PR:		bin/25851
Submitted by:	Ted Mittelstaedt <tedm at toybox punkt placo period com>
Approved by:	jhb (proxy mentor)
MFC after:	3 days
MFC to:		RELENG_5, RELENG_6
Security:	Prevents possible group information leakage

1 files changed, 1 insertions, 1 deletions

diff --git a/usr.sbin/sysinstall/anonFTP.c b/usr.sbin/sysinstall/anonFTP.c
index 9492f97..206b1b1 100644
--- a/usr.sbin/sysinstall/anonFTP.c
+++ b/usr.sbin/sysinstall/anonFTP.c
@@ -299,7 +299,7 @@ configAnonFTP(dialogMenuItem *self __unused)
 	    vsystem("awk -F: '{if ((substr($1, 1, 1) != \"+\") && (substr($1, 1, 1) != \"-\") && ($3 < 10 || $1 == \"ftp\")) print $0}' /etc/master.passwd > %s/etc/master.passwd", tconf.homedir);
 	    vsystem("/usr/sbin/pwd_mkdb -d %s/etc %s/etc/master.passwd && chmod 444 %s/etc/pwd.db", tconf.homedir, tconf.homedir, tconf.homedir);
 	    vsystem("rm -f %s/etc/master.passwd %s/etc/spwd.db", tconf.homedir, tconf.homedir);
-	    vsystem("awk -F: '{if ((substr($1, 1, 1) != \"+\") && (substr($1, 1, 1) != \"-\") && ($3 < 100)) print $0}' /etc/group > %s/etc/group && chmod 444 %s/etc/group", tconf.homedir, tconf.homedir);
+	    vsystem("awk -F: '!/^#/ {if ((substr($1, 1, 1) != \"+\") && (substr($1, 1, 1) != \"-\") && ($3 < 100)) printf \"%%s:*:%%s:\\n\", $1, $3}' /etc/group > %s/etc/group && chmod 444 %s/etc/group", tconf.homedir, tconf.homedir);
 	    vsystem("chown -R root:%s %s/pub", tconf.group, tconf.homedir);
 	}
 	else {