From 52677342d6bdf6b469d9d1fe0f72db105c3fd8b9 Mon Sep 17 00:00:00 2001
From: imp
Date: Mon, 24 Mar 1997 06:09:50 +0000
Subject: Don't open the tz file if we're running setuid or setgid to prevent infomration leakage. Submitted by: Julian Assange
---
lib/libc/stdtime/localtime.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'lib/libc')
diff --git a/lib/libc/stdtime/localtime.c b/lib/libc/stdtime/localtime.c
index 3438cc6..031e665 100644
--- a/lib/libc/stdtime/localtime.c
+++ b/lib/libc/stdtime/localtime.c
@@ -305,8 +305,10 @@ register struct state * const sp;
 doaccess = TRUE;
 name = fullname;
 }
- if (doaccess && access(name, R_OK) != 0)
- return -1;
+ /* XXX Should really be issetguid(), but we don't have that */
+ if (doaccess &&
+ (getuid() != geteuid() || getgid() != getegid()) )
+ return -1;
 if ((fid = open(name, OPEN_MODE)) == -1)
 return -1;
 if ((fstat(fid, &stab) < 0) || !S_ISREG(stab.st_mode))
-- cgit v1.1
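Review bot: The privilege test in the added `if` compares real and effective ids, so it does not cover a process that was started setuid or setgid and has since made its ids equal before reaching this code; in that case a `doaccess` name still goes on to `open()` with whatever privilege the process retains. The XXX comment hints at the gap, but it names `issetguid()` where the BSD interface is `issetugid()`, and it does not say what the fallback misses. I would reword it to `/* XXX should be issetugid(); comparing real and effective ids misses a process that changed its ids after exec */` so the limitation is visible to whoever revisits this once that call is available. The enclosing function begins and ends outside the hunk, so how `doaccess` is set on the other paths cannot be confirmed from here.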