From: <hesso@pool.math.tu-berlin.de>
Subject: No description.

diff -Naur nvi-1.81.6.orig/ex/ex_init.c nvi-1.81.6/ex/ex_init.c
--- nvi-1.81.6.orig/ex/ex_init.c	2007-11-18 17:41:42.000000000 +0100
+++ nvi-1.81.6/ex/ex_init.c	2008-05-01 18:24:45.000000000 +0200
@@ -26,6 +26,9 @@
 #include <string.h>
 #include <unistd.h>
 
+#include <pwd.h>
+#include <grp.h>
+
 #include "../common/common.h"
 #include "tag.h"
 #include "pathnames.h"
@@ -346,6 +349,9 @@
 	int nf1, nf2;
 	char *a, *b, buf[MAXPATHLEN];
 
+	struct group *grp_p;
+	struct passwd *pwd_p;
+
 	/* Check for the file's existence. */
 	if (stat(path, sbp))
 		return (NOEXIST);
@@ -359,10 +365,30 @@
 	}
 
 	/* Check writeability. */
-	if (sbp->st_mode & (S_IWGRP | S_IWOTH)) {
+	if (sbp->st_mode & S_IWOTH) {
 		etype = WRITER;
 		goto denied;
 	}
+	if (sbp->st_mode & S_IWGRP) {
+		/* on system error (getgrgid or getpwnam return NULL) set etype to WRITER
+		 * and continue execution */
+		if( (grp_p = getgrgid(sbp->st_gid)) == NULL) {
+			etype = WRITER;
+			goto denied;
+		}
+
+		/* lookup the group members' uids for an uid different from euid */
+		while( ( *(grp_p->gr_mem) ) != NULL) { /* gr_mem is a null-terminated array */
+			if( (pwd_p = getpwnam(*(grp_p->gr_mem)++)) == NULL) {
+				etype = WRITER;
+				goto denied;
+			}
+			if(pwd_p->pw_uid != euid) {
+				etype = WRITER;
+				goto denied;
+			}
+		}
+	}
 	return (RCOK);
 
 denied:	a = msg_print(sp, path, &nf1);