aboutsummaryrefslogtreecommitdiffstats
path: root/main/abuild/0001-abuild-sudo-prevent-forging-of-user-name.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/abuild/0001-abuild-sudo-prevent-forging-of-user-name.patch')
-rw-r--r--main/abuild/0001-abuild-sudo-prevent-forging-of-user-name.patch46
1 files changed, 46 insertions, 0 deletions
diff --git a/main/abuild/0001-abuild-sudo-prevent-forging-of-user-name.patch b/main/abuild/0001-abuild-sudo-prevent-forging-of-user-name.patch
new file mode 100644
index 0000000000..bb480634df
--- /dev/null
+++ b/main/abuild/0001-abuild-sudo-prevent-forging-of-user-name.patch
@@ -0,0 +1,46 @@
+From 829a501de758c5226b1aae27ecb0d95bc3b6db6b Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
+Date: Mon, 17 Jul 2017 21:02:35 +0300
+Subject: [PATCH] abuild-sudo: prevent forging of user name
+
+---
+ abuild-sudo.c | 17 +++++++----------
+ 1 file changed, 7 insertions(+), 10 deletions(-)
+
+diff --git a/abuild-sudo.c b/abuild-sudo.c
+index de8eb94..3afd887 100644
+--- a/abuild-sudo.c
++++ b/abuild-sudo.c
+@@ -77,22 +77,19 @@ int main(int argc, const char *argv[])
+ if (grent == NULL)
+ errx(1, "%s: Group not found", ABUILD_GROUP);
+
+- char *name = getlogin();
+- if (name == NULL) {
+- pw = getpwuid(getuid());
+- if (pw)
+- name = pw->pw_name;
+- }
++ char *name = NULL;
++ pw = getpwuid(getuid());
++ if (pw)
++ name = pw->pw_name;
+
+ if (!is_in_group(grent->gr_gid)) {
+ errx(1, "User %s is not a member of group %s\n",
+ name ? name : "(unknown)", ABUILD_GROUP);
+ }
+- if (name) {
+- setenv("USER", name, 1);
+- } else {
++
++ if (name == NULL)
+ warnx("Could not find username for uid %d\n", getuid());
+- }
++ setenv("USER", name ?: "", 1);
+
+ cmd = strrchr(argv[0], '/');
+ if (cmd)
+--
+2.9.4
+
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-30 06:02:26 +0000