path: root/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch
blob: 6aa1a657a9e2ef459ac33951dc3a1ce6fc4aacb9 (plain)
Use secure_getenv instead of getenv for setuid programs

(bnc#694598 CVE-2011-2709 bnc#831805)

import from:
https://build.opensuse.org/package/view_file/openSUSE:Factory/libgssglue/secure-getenv.patch

Upstream-Status: Pending

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>

diff --git a/src/g_initialize.c b/src/g_initialize.c
index 200f173..935a9fa 100644
--- a/src/g_initialize.c
+++ b/src/g_initialize.c
@@ -26,6 +26,7 @@
  * This function will initialize the gssapi mechglue library
  */
 
+#define _GNU_SOURCE
 #include "mglueP.h"
 #include <stdlib.h>
 
@@ -197,8 +198,7 @@ static void solaris_initialize ()
     void *dl;
     gss_mechanism (*sym)(void), mech;
 
-    if ((getuid() != geteuid()) ||
-        ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
+    if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
 	filename = MECH_CONF;
 
     if ((conffile = fopen(filename, "r")) == NULL) {
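Review bot: The `secure_getenv("GSSAPI_MECH_CONF")` call here (and the identical one in the linux_initialize hunk) has no fallback for a libc that lacks the function, which is a GNU extension available in glibc from 2.17. On such a libc the build fails, or, with a compiler that still accepts implicit declarations, the result is treated as `int` and the pointer can be truncated on 64-bit targets. Since solaris_initialize is presumably meant for a non-glibc platform, a configure-time check with a fallback that keeps the old real/effective id comparison would keep the hardening portable. The sketch below assumes an autoconf-style `HAVE_SECURE_GETENV` macro that the build would have to define; both functions would then call the helper. The bodies of both functions continue outside their hunks.

```c
/* … unchanged: _GNU_SOURCE define and includes … */
static char *mech_conf_from_env(void)
{
#ifdef HAVE_SECURE_GETENV
    return secure_getenv("GSSAPI_MECH_CONF");
#else
    /* No secure_getenv(): ignore the environment whenever the real and
     * effective ids differ, as the code did before this change. */
    if (getuid() != geteuid() || getgid() != getegid())
        return NULL;
    return getenv("GSSAPI_MECH_CONF");
#endif
}

/* in solaris_initialize() and linux_initialize(): */
    if ((filename = mech_conf_from_env()) == NULL)
	filename = MECH_CONF;
```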
@@ -274,8 +274,7 @@ static void linux_initialize ()
     void *dl;
     gss_mechanism (*sym)(void), mech;
 
-    if ((getuid() != geteuid()) ||
-        ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
+    if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
 	filename = MECH_CONF;
 
     if ((conffile = fopen(filename, "r")) == NULL) {
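Review bot: Nothing at this call site (or the matching one in solaris_initialize) records why `secure_getenv` is used, so a later cleanup could swap it back to `getenv` without noticing the security impact. I would add a short comment above the `if`, for example `/* secure_getenv() returns NULL under secure execution (set-user-ID, set-group-ID, file capabilities), so a privileged program never takes the mechanism config path from its caller's environment. */`. The comment also documents that the new check is broader than the removed `getuid() != geteuid()` test, which did not cover set-group-ID binaries. The function body continues outside the hunk.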