summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2017-07-17 21:02:35 +0300
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2017-07-20 15:14:43 +0300
commit829a501de758c5226b1aae27ecb0d95bc3b6db6b (patch)
treea4649ef282aad0e8ebcb826db2b2ce3e8f38a801
parent443fc07c79b9b3b99a3e34c0a194ce59ba2cd227 (diff)
downloadabuild-829a501de758c5226b1aae27ecb0d95bc3b6db6b.tar.gz
abuild-829a501de758c5226b1aae27ecb0d95bc3b6db6b.tar.bz2
abuild-829a501de758c5226b1aae27ecb0d95bc3b6db6b.tar.xz
abuild-829a501de758c5226b1aae27ecb0d95bc3b6db6b.zip
abuild-sudo: prevent forging of user name
-rw-r--r--abuild-sudo.c17
1 files changed, 7 insertions, 10 deletions
diff --git a/abuild-sudo.c b/abuild-sudo.c
index de8eb94..3afd887 100644
--- a/abuild-sudo.c
+++ b/abuild-sudo.c
@@ -77,22 +77,19 @@ int main(int argc, const char *argv[])
if (grent == NULL)
errx(1, "%s: Group not found", ABUILD_GROUP);
- char *name = getlogin();
- if (name == NULL) {
- pw = getpwuid(getuid());
- if (pw)
- name = pw->pw_name;
- }
+ char *name = NULL;
+ pw = getpwuid(getuid());
+ if (pw)
+ name = pw->pw_name;
if (!is_in_group(grent->gr_gid)) {
errx(1, "User %s is not a member of group %s\n",
name ? name : "(unknown)", ABUILD_GROUP);
}
- if (name) {
- setenv("USER", name, 1);
- } else {
+
+ if (name == NULL)
warnx("Could not find username for uid %d\n", getuid());
- }
+ setenv("USER", name ?: "", 1);
cmd = strrchr(argv[0], '/');
if (cmd)