Don't open the tz file if we're running setuid or setgid to prevent infomration

leakage. Submitted by: Julian Assange
1997-03-24 06:09:50 +00:00 · 1997-03-24 06:09:50 +00:00 · 52677342d6
commit 52677342d6
parent 4ea8eab386
1 changed files with 4 additions and 2 deletions
--- a/lib/libc/stdtime/localtime.c
+++ b/lib/libc/stdtime/localtime.c
@ -305,8 +305,10 @@ register struct state * const	sp;
 				doaccess = TRUE;
 			name = fullname;
 		}
-		if (doaccess && access(name, R_OK) != 0)
-			return -1;
+		/* XXX Should really be issetguid(), but we don't have that */
+		if (doaccess && 
+			(getuid() != geteuid() || getgid() != getegid()) )
+		     	return -1;
 		if ((fid = open(name, OPEN_MODE)) == -1)
 			return -1;
 		if ((fstat(fid, &stab) < 0) || !S_ISREG(stab.st_mode))