Disallow libdialog to be used in setugid applications; it is chock full

of buffer overflows. MFC after: 3 days
svn path=/head/; revision=104997
2025-01-12 14:29:28 +00:00 · 2002-10-12 20:32:03 +00:00 · 2002-10-12 20:32:03 +00:00 · d0899afa3a · 2020-12-20 02:59:44 +00:00
commit d0899afa3a
parent 0a331583f7
1 changed files with 8 additions and 0 deletions
--- a/gnu/lib/libdialog/kernel.c
+++ b/gnu/lib/libdialog/kernel.c
@ -75,11 +75,14 @@
 *	         prove 'interesting' to say the least :-)
 *             Added radiolist option
 *	     - Version 0.4 released.
+ *
+ * $FreeBSD$
 */

 #define __DIALOG_MAIN__

 #include <dialog.h>
+#include <err.h>
 #include "dialog.priv.h"
 #ifdef HAVE_NCURSES
 #include "colors.h"
@ -98,6 +101,11 @@ int DialogInputAttrs;
 */
 void init_dialog(void)
 {
+
+  if (issetugid()) {
+	errx(1, "libdialog is unsafe to use in setugid applications");
+  }
+
 #if defined(LOCALE)
  (void) setlocale(LC_ALL, "");
 #endif