diff options
| author | Warner Losh <imp@FreeBSD.org> | 1997-03-24 06:09:50 +0000 |
|---|---|---|
| committer | Warner Losh <imp@FreeBSD.org> | 1997-03-24 06:09:50 +0000 |
| commit | 418d4a98172da659958cb3d4aad86fcc062639f1 (patch) | |
| tree | 04b3d6877471ffe95cf866681832cfc6a5b5b49a /lib/libc/stdtime | |
| parent | fca08b7cfa7dee089da7879cf278ccd58163c582 (diff) | |
| download | src-418d4a98172da659958cb3d4aad86fcc062639f1.tar.gz src-418d4a98172da659958cb3d4aad86fcc062639f1.zip | |
Don't open the tz file if we're running setuid or setgid to prevent infomration
leakage.
Submitted by: Julian Assange
Notes
Notes:
svn path=/head/; revision=24195
Diffstat (limited to 'lib/libc/stdtime')
| -rw-r--r-- | lib/libc/stdtime/localtime.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/libc/stdtime/localtime.c b/lib/libc/stdtime/localtime.c index 3438cc673e72..031e6651878f 100644 --- a/lib/libc/stdtime/localtime.c +++ b/lib/libc/stdtime/localtime.c @@ -305,8 +305,10 @@ register struct state * const sp; doaccess = TRUE; name = fullname; } - if (doaccess && access(name, R_OK) != 0) - return -1; + /* XXX Should really be issetguid(), but we don't have that */ + if (doaccess && + (getuid() != geteuid() || getgid() != getegid()) ) + return -1; if ((fid = open(name, OPEN_MODE)) == -1) return -1; if ((fstat(fid, &stab) < 0) || !S_ISREG(stab.st_mode)) |