cwr@pnet01.cts.com (Will Rose) (02/07/90)
While writing a version of ps for PC Minix 1.5.0, I came across a couple
of places where information on command parameters was discarded; one was
in execvn, for which I recently posted a fix, and one was in login, for
which the fix follows.
By the way, login accepts a username argument only if you're root; if login
itself is setuid root, there's a massive security hole. Is this as it
should be?
Will
-------------------------------------------------------------------------
"The vocabulary of Bradshaw is nervous |
and terse, but limited." | cwr@pnet01.cts.com
Sir A Conan Doyle. |
-------------------------------------------------------------------------
*** Src/login.old Thu Dec 28 16:22:36 1989
--- Src/login.c Tue Feb 6 11:16:26 1990
***************
*** 61,67 ****
struct passwd *pwd;
struct stat statbuf;
char *sh = "/bin/sh";
!
/* Reset some of the line parameters in case they have been mashed */
if ( ioctl(0, TIOCGETP, &args) < 0 ) exit( 1 );
--- 61,69 ----
struct passwd *pwd;
struct stat statbuf;
char *sh = "/bin/sh";
! char buff[32];
! strcpy(buff, "-");
!
/* Reset some of the line parameters in case they have been mashed */
if ( ioctl(0, TIOCGETP, &args) < 0 ) exit( 1 );
***************
*** 156,162 ****
for ( n = 1; n <= _NSIG; ++n )
signal( n, SIG_DFL );
! execle( sh, "-", NULL, env );
write(1,"exec failure\n",13);
exit(1);
}
--- 158,165 ----
for ( n = 1; n <= _NSIG; ++n )
signal( n, SIG_DFL );
! strcat(buff, sh);
! execle( sh, buff, NULL, env );
write(1,"exec failure\n",13);
exit(1);
}
-----------------------------------------------------------------------
"If heaven too had passions | Will Rose
even heaven would | UUCP: {nosc ucsd hplabs!hp-sdd}!crash!pnet01!cw
grow old." - Li Ho. | ARPA: crash!pnet01!cwr@nosc.mil
| INET: cwr@pnet01.cts.com
UUCP: {nosc ucsd hplabs!hp-sdd}!crash!pnet01!cwr
ARPA: crash!pnet01!cwr@nosc.mil
INET: cwr@pnet01.cts.com