diff options
author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2017-07-17 21:02:35 +0300 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2017-07-20 15:14:43 +0300 |
commit | 829a501de758c5226b1aae27ecb0d95bc3b6db6b (patch) | |
tree | a4649ef282aad0e8ebcb826db2b2ce3e8f38a801 | |
parent | 443fc07c79b9b3b99a3e34c0a194ce59ba2cd227 (diff) | |
download | abuild-829a501de758c5226b1aae27ecb0d95bc3b6db6b.tar.bz2 abuild-829a501de758c5226b1aae27ecb0d95bc3b6db6b.tar.xz |
abuild-sudo: prevent forging of user name
-rw-r--r-- | abuild-sudo.c | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/abuild-sudo.c b/abuild-sudo.c index de8eb94..3afd887 100644 --- a/abuild-sudo.c +++ b/abuild-sudo.c @@ -77,22 +77,19 @@ int main(int argc, const char *argv[]) if (grent == NULL) errx(1, "%s: Group not found", ABUILD_GROUP); - char *name = getlogin(); - if (name == NULL) { - pw = getpwuid(getuid()); - if (pw) - name = pw->pw_name; - } + char *name = NULL; + pw = getpwuid(getuid()); + if (pw) + name = pw->pw_name; if (!is_in_group(grent->gr_gid)) { errx(1, "User %s is not a member of group %s\n", name ? name : "(unknown)", ABUILD_GROUP); } - if (name) { - setenv("USER", name, 1); - } else { + + if (name == NULL) warnx("Could not find username for uid %d\n", getuid()); - } + setenv("USER", name ?: "", 1); cmd = strrchr(argv[0], '/'); if (cmd) |