author | christos <christos@NetBSD.org> | 1997-11-16 21:41:53 +0000 |
---|---|---|
committer | christos <christos@NetBSD.org> | 1997-11-16 21:41:53 +0000 |
commit | a802fa34d624ed55dc2ad33475fb1087c6763d05 (patch) | |
tree | 0f1c2e295891c4c883bb0ac34983230c4521d413 /fish | |
parent | 47f23b4f10428f71ab807c77a74f061e7b573417 (diff) | |
PR/4489: Mika Nystroem: Security hole exec'ing more in fish instructions.
Diffstat (limited to 'fish')
-rw-r--r-- | fish/fish.c | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/fish/fish.c b/fish/fish.c
index 03171e96..182305e5 100644
--- a/fish/fish.c
+++ b/fish/fish.c
@@ -1,4 +1,4 @@
-/* $NetBSD: fish.c,v 1.4 1997/10/10 12:58:32 lukem Exp $ */
+/* $NetBSD: fish.c,v 1.5 1997/11/16 21:41:53 christos Exp $ */
 
 /*-
 * Copyright (c) 1990, 1993
@@ -46,17 +46,20 @@ __COPYRIGHT("@(#) Copyright (c) 1990, 1993\n\
 #if 0
 static char sccsid[] = "@(#)fish.c 8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: fish.c,v 1.4 1997/10/10 12:58:32 lukem Exp $");
+__RCSID("$NetBSD: fish.c,v 1.5 1997/11/16 21:41:53 christos Exp $");
 #endif
 #endif /* not lint */
 
 #include <sys/types.h>
-#include <sys/errno.h>
+#include <sys/wait.h>
+#include <errno.h>
 #include <fcntl.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <unistd.h>
 #include <string.h>
 #include <time.h>
+#include <err.h>
 #include "pathnames.h"
 
 #define RANKS 13
@@ -446,7 +449,8 @@ void
 instructions()
 {
 int input;
- char buf[1024];
+ pid_t pid;
+ int status;
 
 (void)printf("Would you like instructions (y or n)? ");
 input = getchar();
@@ -454,8 +458,20 @@ instructions()
 if (input != 'y')
 return;
 
- (void)sprintf(buf, "%s %s", _PATH_MORE, _PATH_INSTR);
- (void)system(buf);
+ switch (pid = fork()) {
+ case 0: /* child */
+ (void)setuid(getuid());
+ (void)setgid(getgid());
+ (void)execl(_PATH_MORE, "more", _PATH_INSTR, NULL);
+ err(1, "%s %s", _PATH_MORE, _PATH_INSTR);
+ /*NOTREACHED*/
+ case -1:
+ err(1, "fork");
+ /*NOTREACHED*/
+ default:
+ (void)waitpid(pid, &status, 0);
+ break;
+ }
 (void)printf("Hit return to continue...\n");
 while ((input = getchar()) != EOF && input != '\n');
 }
|
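Review bot: In the child branch of the new `switch` in `instructions()` (last hunk), both privilege drops have their results discarded with `(void)`, so if `setuid()` or `setgid()` fails, `more` is still executed with whatever elevated ids the game was started with. The order is also fragile: dropping the uid first means the following `setgid(getgid())` runs unprivileged, which on some systems changes only the effective gid and leaves the saved set-group-ID in place. Whether fish is installed set-id is not visible on this page, but the drop only matters if it is, so I would drop the group first and refuse to exec on failure: `if (setgid(getgid()) == -1 || setuid(getuid()) == -1) err(1, "cannot drop privileges");`. Separately, `err()` after a failed `execl()` goes through `exit()` in the forked child and flushes stdio buffers copied from the parent; `warn(...)` followed by `_exit(1)` avoids that. `status` from `waitpid()` is stored but never examined, and the call is not retried on `EINTR`.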