mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-18 10:35:55 +00:00
Close a security hole in sliplogin.
If you use sliplogin as a user shell (in /etc/passwd) upgrade to this version. Reviewed by: bde, peter Submitted by: AUS CERT Obtained from: Linux sliplogin-2.02
This commit is contained in:
parent
3fb9e5a20b
commit
c64765e4cc
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=15371
@ -88,6 +88,13 @@ static char sccsid[] = "@(#)sliplogin.c 8.2 (Berkeley) 2/1/94";
|
||||
#include <signal.h>
|
||||
#include "pathnames.h"
|
||||
|
||||
extern char **environ;
|
||||
|
||||
static char *restricted_environ[] = {
|
||||
"PATH=" _PATH_STDPATH,
|
||||
NULL
|
||||
};
|
||||
|
||||
int unit;
|
||||
int slip_mode;
|
||||
speed_t speed;
|
||||
@ -124,6 +131,8 @@ findid(name)
|
||||
char buf[128];
|
||||
int i, j, n;
|
||||
|
||||
environ = restricted_environ; /* minimal protection for system() */
|
||||
|
||||
(void)strcpy(loginname, name);
|
||||
if ((fp = fopen(_PATH_ACCESS, "r")) == NULL) {
|
||||
accfile_err:
|
||||
|
Loading…
Reference in New Issue
Block a user