[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Patch proposal for id.c and groups.c to fix afs bug
From: |
Jim Meyering |
Subject: |
Re: Patch proposal for id.c and groups.c to fix afs bug |
Date: |
Tue, 04 Mar 2008 14:48:47 +0100 |
Didi <address@hidden> wrote:
> Just so we don't talk past each other. The problem is that there could
> be a case where the 'id' or 'group' commands are called but there is
> no user name, neither on the command line nore in the system
> (getlogin() == NULL).
>
> The case when an invalid user is given on the commandline is cought by
> 202 if (pwd == NULL)
> 203 error (EXIT_FAILURE, 0, _("%s: No such user"), argv[optind]);
>
> So I am assuming that getlogin in combination with getpwnam is the problem.
> ?!?
Right. That's the first unchecked use of getlogin.
> Knowing that there must always be a uid we can chage the line :
>
> pwdg = getpwnam (getlogin());
> to :
> pwdg = getpwuid (geteuid());
That sounds fine in that case.
However your patch added one other unchecked use of getlogin.
- if (!print_group_list (NULL, ruid, rgid, egid, true))
+ if (!print_group_list (getlogin(), ruid, rgid, egid, true))