cwr@pnet01.cts.com (Will Rose) (02/07/90)
While writing a version of ps for PC Minix 1.5.0, I came across a couple of places where information on command parameters was discarded; one was in execvn, for which I recently posted a fix, and one was in login, for which the fix follows.

By the way, login accepts a username argument only if you're root; if login itself is setuid root, there's a massive security hole. Is this as it should be?

Will

-------------------------------------------------------------------------
"The vocabulary of Bradshaw is nervous |
and terse, but limited." | cwr@pnet01.cts.com
Sir A Conan Doyle. |
-------------------------------------------------------------------------

*** Src/login.old Thu Dec 28 16:22:36 1989 --- Src/login.c Tue Feb 6 11:16:26 1990 *************** *** 61,67 **** struct passwd *pwd; struct stat statbuf; char *sh = "/bin/sh"; ! /* Reset some of the line parameters in case they have been mashed */ if ( ioctl(0, TIOCGETP, &args) < 0 ) exit( 1 ); --- 61,69 ---- struct passwd *pwd; struct stat statbuf; char *sh = "/bin/sh"; ! char buff[32]; ! strcpy(buff, "-"); ! /* Reset some of the line parameters in case they have been mashed */ if ( ioctl(0, TIOCGETP, &args) < 0 ) exit( 1 ); *************** *** 156,162 **** for ( n = 1; n <= _NSIG; ++n ) signal( n, SIG_DFL ); ! execle( sh, "-", NULL, env ); write(1,"exec failure\n",13); exit(1); } --- 158,165 ---- for ( n = 1; n <= _NSIG; ++n ) signal( n, SIG_DFL ); ! strcat(buff, sh); ! execle( sh, buff, NULL, env ); write(1,"exec failure\n",13); exit(1); }

-----------------------------------------------------------------------
"If heaven too had passions | Will Rose
even heaven would | UUCP: {nosc ucsd hplabs!hp-sdd}!crash!pnet01!cw
grow old." - Li Ho. | ARPA: crash!pnet01!cwr@nosc.mil
| INET: cwr@pnet01.cts.com

UUCP: {nosc ucsd hplabs!hp-sdd}!crash!pnet01!cwr
ARPA: crash!pnet01!cwr@nosc.mil
INET: cwr@pnet01.cts.com
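
Review bot: the 32 in char buff[32], added in the first hunk (61,69), is a bare magic number with no comment saying what the buffer is for or why 32 bytes is enough. The buffer ends up as the argument passed after sh in the execle call, "-" followed by the contents of sh, so a one-line comment to that effect and a named constant for the size would make the intent checkable. The strcpy(buff, "-") here and the strcat(buff, sh) in the later hunk are also about a hundred lines apart; building the whole string in one place, just before execle, would keep the length reasoning next to the call that depends on it.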
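
Review bot: strcat(buff, sh) in the second hunk (158,165) has no length check. buff is declared as char buff[32] and already holds "-", so any sh longer than 30 characters writes past the end of the array, in login, immediately before execle. sh is a char * variable initialised to "/bin/sh", so it can be pointed at a different string between the two hunks (that code is not shown in the patch). Suggest comparing strlen(sh) with sizeof(buff) - 2 and falling back to the old "-" argument when the path does not fit, or sizing buff to the longest path the system allows.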