[hackers] [slock] Stop using $USER for shadow entries || FRIGN

From: <git_AT_suckless.org>
Date: Fri, 23 Sep 2016 18:57:16 +0200 (CEST)

commit dc2e8e839e4d72f5fec36c9a0474e6062a7a8f51
Author: FRIGN <dev_AT_frign.de>
AuthorDate: Sun Sep 11 23:17:53 2016 +0200
Commit: Markus Teich <markus.teich_AT_stusta.mhn.de>
CommitDate: Fri Sep 23 18:54:56 2016 +0200

    Stop using $USER for shadow entries
    
    This was extremely bad practice, effectively making the program behave
    differently depending on which architecture you are running it on.
    
    OpenBSD offers getpwuid_shadow, but there is no getspuid for getspnam,
    so we resort to using the pw_name entry in the struct passwd we filled
    earlier.
    
    This prevents slock from crashing when $USER is empty (easy to do). If
    you want to run slock as a different user, don't use
    
            $ USER="tom" slock
    
    but doas or sudo which were designed for this purpose.

diff --git a/slock.c b/slock.c
index f799174..6dedc69 100644
--- a/slock.c
+++ b/slock.c
_AT_@ -103,14 +103,14 @@ gethash(void)
 #if HAVE_SHADOW_H
         if (hash[0] == 'x' && hash[1] == '\0') {
                 struct spwd *sp;
- if (!(sp = getspnam(getenv("USER"))))
+ if (!(sp = getspnam(pw->pw_name)))
                         die("slock: getspnam: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
                 hash = sp->sp_pwdp;
         }
 #else
         if (hash[0] == '*' && hash[1] == '\0') {
 #ifdef __OpenBSD__
- if (!(pw = getpwnam_shadow(getenv("USER"))))
+ if (!(pw = getpwuid_shadow(getuid())))
                         die("slock: getpwnam_shadow: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
                 hash = pw->pw_passwd;
 #else
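Review bot: In the __OpenBSD__ branch the die() string still reads "slock: getpwnam_shadow: cannot retrieve shadow entry ..." although the call is now getpwuid_shadow(getuid()); the message should name getpwuid_shadow so a failure report points at the function actually called. In the HAVE_SHADOW_H branch, getspnam(pw->pw_name) relies on pw having been filled and checked for NULL earlier in gethash(), which is outside this hunk, so it is worth confirming that check precedes this block.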
Received on Fri Sep 23 2016 - 18:57:16 CEST
