[685] in linux-security and linux-alert archive

Re: [linux-security] WARNING: libc/ruserok security hole

daemon@ATHENA.MIT.EDU (Swen Thuemmler)
Wed Apr 24 16:38:58 1996

Date: 	Wed, 24 Apr 1996 21:29:05 +0200 (MET DST)
From: Swen Thuemmler <swen@uni-paderborn.de>
To: Linux GCC <linux-gcc@vger.rutgers.edu>
cc: Linux Security <linux-security@tarsier.cv.nrao.edu>
In-Reply-To: <Pine.LNX.3.91.960422003449.22489B-100000@palantir.res.wpi.edu>

The patch below takes care of the problem.

Greetings, Swen

--- libc/inet/rcmd.c.orig	Wed Feb 14 09:25:21 1996
+++ libc/inet/rcmd.c	Wed Apr 24 21:26:49 1996
@@ -425,10 +425,10 @@
 	  else if (user[0] == '-')
 	    uservalid = -uservalid;
 	  else if (user[0] != '+')
-	    uservalid = !strcmp(ruser, *user ? user : luser);
+	    uservalid = !strcmp(ruser, user);
 	}
 	else
-          uservalid = 1;	/* no user means all users */
+          uservalid = !strcmp(ruser, luser);    /* no user means local user */

         if (hostvalid)
 	  if (uservalid == 1)
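
Review bot: In the `else if (user[0] != '+')` branch, dropping the `*user ? user : luser` fallback means an empty `user` string would now be compared literally against `ruser`, so this is only correct if the enclosing condition (not visible in this hunk) already sends an empty user field to the `else` branch; please confirm that and state it in a comment next to the `strcmp`. The rewritten `else` line narrows the no-user case from "all users" to `ruser` matching `luser`, which changes how existing entries without a user field are interpreted, so the behaviour change should be documented beyond the one-line comment. That line is also indented with spaces where the surrounding lines use tabs.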

