From 829a501de758c5226b1aae27ecb0d95bc3b6db6b Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Mon, 17 Jul 2017 21:02:35 +0300
Subject: abuild-sudo: prevent forging of user name

---
 abuild-sudo.c | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/abuild-sudo.c b/abuild-sudo.c
index de8eb94..3afd887 100644
--- a/abuild-sudo.c
+++ b/abuild-sudo.c
@@ -77,22 +77,19 @@ int main(int argc, const char *argv[])
 	if (grent == NULL)
 		errx(1, "%s: Group not found", ABUILD_GROUP);
 
-	char *name = getlogin();
-	if (name == NULL) {
-		pw = getpwuid(getuid());
-		if (pw)
-			name = pw->pw_name;
-	}
+	char *name = NULL;
+	pw = getpwuid(getuid());
+	if (pw)
+		name = pw->pw_name;
 
 	if (!is_in_group(grent->gr_gid)) {
 		errx(1, "User %s is not a member of group %s\n",
 			name ? name : "(unknown)", ABUILD_GROUP);
 	}
-	if (name) {
-		setenv("USER", name, 1);
-	} else {
+
+	if (name == NULL)
 		warnx("Could not find username for uid %d\n", getuid());
-	}
+	setenv("USER", name ?: "", 1);
 
 	cmd = strrchr(argv[0], '/');
 	if (cmd)
-- 
cgit v1.2.3-60-g2f50