Commit 2568607f authored by Kaarle Ritvanen

main/abuild: prevent forging of user name

parent bf03dbfa
From 829a501de758c5226b1aae27ecb0d95bc3b6db6b Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Mon, 17 Jul 2017 21:02:35 +0300
Subject: [PATCH] abuild-sudo: prevent forging of user name
---
abuild-sudo.c | 17 +++++++----------
1 file changed, 7 insertions(+), 10 deletions(-)
diff --git a/abuild-sudo.c b/abuild-sudo.c
index de8eb94..3afd887 100644
--- a/abuild-sudo.c
+++ b/abuild-sudo.c
@@ -77,22 +77,19 @@ int main(int argc, const char *argv[])
if (grent == NULL)
errx(1, "%s: Group not found", ABUILD_GROUP);
- char *name = getlogin();
- if (name == NULL) {
- pw = getpwuid(getuid());
- if (pw)
- name = pw->pw_name;
- }
+ char *name = NULL;
+ pw = getpwuid(getuid());
+ if (pw)
+ name = pw->pw_name;
if (!is_in_group(grent->gr_gid)) {
errx(1, "User %s is not a member of group %s\n",
name ? name : "(unknown)", ABUILD_GROUP);
}
- if (name) {
- setenv("USER", name, 1);
- } else {
+
+ if (name == NULL)
warnx("Could not find username for uid %d\n", getuid());
- }
+ setenv("USER", name ?: "", 1);
cmd = strrchr(argv[0], '/');
if (cmd)
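Review bot: The return value of `setenv("USER", name ?: "", 1)` is ignored, so if the call fails the USER value inherited from the caller stays in the environment, which is the forging this patch is meant to close in a binary the APKBUILD installs suid. Fail closed instead: `if (setenv("USER", name ?: "", 1) != 0) err(1, "setenv");`. When getpwuid() finds no entry the code only warns and continues with an empty USER; whether the commands run afterwards handle an empty name safely is not visible here, so exiting with errx() in that case may be the safer choice. The `?:` form with an omitted middle operand is a GNU extension; `name ? name : ""` is the portable spelling and matches the errx() call just above. main() starts and continues outside the hunk.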
--
2.9.4
......@@ -2,7 +2,7 @@
pkgname=abuild
pkgver=3.0.0_rc4
_ver=${pkgver%_git*}
pkgrel=1
pkgrel=2
pkgdesc="Script to build Alpine Packages"
url="http://git.alpinelinux.org/cgit/abuild/"
arch="all"
......@@ -22,6 +22,7 @@ options="suid !check"
pkggroups="abuild"
source="http://dev.alpinelinux.org/archive/abuild/abuild-$_ver.tar.xz
0001-abuild-add-sanitycheck-for-secfixes-comment.patch
0001-abuild-sudo-prevent-forging-of-user-name.patch
"
builddir="$srcdir/$pkgname-$_ver"
......@@ -69,4 +70,5 @@ _rootbld() {
}
sha512sums="e3b3827b7c3ebdc5d8ab39b1fc514a3cc0ed75a6d5ebc86c9d986441a7a16c1a3aa11f9840c35aa7f000a593421fdc9804b3608d7247f0b4686ba48cc898846a abuild-3.0.0_rc4.tar.xz
94cdfba2c185e96d3a631b36f5b438fd95f90a73b06cbb4afa7864454e05b7c91f6e7a905d7ec73e39fdcf2ab050a7ca59129621dabb39bdc0e2bf2ba38871a0 0001-abuild-add-sanitycheck-for-secfixes-comment.patch"
94cdfba2c185e96d3a631b36f5b438fd95f90a73b06cbb4afa7864454e05b7c91f6e7a905d7ec73e39fdcf2ab050a7ca59129621dabb39bdc0e2bf2ba38871a0 0001-abuild-add-sanitycheck-for-secfixes-comment.patch
3b69a3ee4b07d2e7567408d24f41af4076a2a2948ccf2cacf7b6f1f964edf425c8cf49536e2e42c0eac16681d92daea96c10c41a797459a9aba9845d20a841fb 0001-abuild-sudo-prevent-forging-of-user-name.patch"