1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-18 10:35:55 +00:00

Close a security hole in sliplogin.

If you use sliplogin as a user shell (in /etc/passwd) upgrade to this version.
Reviewed by:	bde, peter
Submitted by:	AUS CERT
Obtained from:	Linux sliplogin-2.02
This commit is contained in:
Paul Traina 1996-04-24 20:18:25 +00:00
parent 3fb9e5a20b
commit c64765e4cc
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=15371

View File

@ -88,6 +88,13 @@ static char sccsid[] = "@(#)sliplogin.c 8.2 (Berkeley) 2/1/94";
#include <signal.h>
#include "pathnames.h"
extern char **environ;
static char *restricted_environ[] = {
"PATH=" _PATH_STDPATH,
NULL
};
int unit;
int slip_mode;
speed_t speed;
@ -124,6 +131,8 @@ findid(name)
char buf[128];
int i, j, n;
environ = restricted_environ; /* minimal protection for system() */
(void)strcpy(loginname, name);
if ((fp = fopen(_PATH_ACCESS, "r")) == NULL) {
accfile_err: