Re: [hackers] [slock] [PATCHSET] Some improvements and more security

From: FRIGN <dev_AT_frign.de>
Date: Sun, 11 Sep 2016 23:32:04 +0200

On Sun, 11 Sep 2016 23:24:20 +0200
FRIGN <dev_AT_frign.de> wrote:

> See attached. Most important is the patch which removes the
> abomination of user $USER which actually poses quite a risk and only
> is done on part of the systems.

So you can test this, do the following

        $ unset USER
        $ slock
        Segmentation fault
        $

This is due to getenv() returning NULL which in turn is not well-taken
by the getpwnam_user-function. We don't want it to segfault!

-- 
FRIGN <dev_AT_frign.de>
Received on Sun Sep 11 2016 - 23:32:04 CEST

This archive was generated by hypermail 2.3.0 : Sun Sep 11 2016 - 23:36:17 CEST