lib/pwdutils: don't use getlogin(3).
Per the man page, it shouldn't be used for security purposes. This is an issue especially on musl, where getlogin is implemented as getenv("LOGNAME"). Since xgetlogin is being used as user identity in su(1), to set PAM_RUSER, we simply switch to always using getpwuid(getuid()). Signed-off-by: Érico Nogueira <erico.erc@gmail.com>
parent
3c466f7c35
commit
bca77acb03
|
@ -104,11 +104,6 @@ char *xgetlogin(void)
|
|||
{
|
||||
struct passwd *pw = NULL;
|
||||
uid_t ruid;
|
||||
char *user;
|
||||
|
||||
user = getlogin();
|
||||
if (user)
|
||||
return xstrdup(user);
|
||||
|
||||
/* GNU Hurd implementation has an extension where a process can exist in a
|
||||
* non-conforming environment, and thus be outside the realms of POSIX
|
||||
|
@ -117,6 +112,9 @@ char *xgetlogin(void)
|
|||
* environment.
|
||||
*
|
||||
* http://austingroupbugs.net/view.php?id=511
|
||||
*
|
||||
* The same implementation is useful for other systems, since getlogin(3)
|
||||
* shouldn't be used as actual identification.
|
||||
*/
|
||||
errno = 0;
|
||||
ruid = getuid();
|
||||
|
|
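Review bot: The extended comment above `errno = 0;` explains why getlogin(3) is avoided, but nothing tells callers that xgetlogin() no longer returns the session login name; per the commit description it now always returns the passwd name for the real UID via getpwuid(getuid()). Where several accounts share one UID, that lookup returns a single entry, so the value su(1) places in PAM_RUSER may differ from the account actually in use. I would state the contract in a header comment, e.g. `/* Returns the passwd name of the real UID, not the utmp/LOGNAME login name; with shared UIDs this is whichever entry getpwuid() returns. */`. Other callers of xgetlogin() are not visible here and may have relied on the old getlogin() result, so they are worth checking. The function body continues past the end of the second hunk, so the handling of a failed lookup cannot be reviewed from this page.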