diff options
author | FRIGN <dev@frign.de> | 2016-09-11 23:17:53 +0200 |
---|---|---|
committer | Markus Teich <markus.teich@stusta.mhn.de> | 2016-09-23 18:54:56 +0200 |
commit | dc2e8e839e4d72f5fec36c9a0474e6062a7a8f51 (patch) | |
tree | 96a61fe42f121ff860cd2f225472db7c400feba0 | |
parent | 9a617db716641da8489e2062e04098220954bffe (diff) | |
download | slock-dc2e8e839e4d72f5fec36c9a0474e6062a7a8f51.tar.gz slock-dc2e8e839e4d72f5fec36c9a0474e6062a7a8f51.tar.xz |
Stop using $USER for shadow entries
This was extremely bad practice, effectively making the program behave
different depending on which architecture you are running it on.
OpenBSD offers getpwuid_shadow, but there is no getspuid for getspnam,
so we resort to using the pw_name entry in the struct passwd we filled
earlier.
This prevents slock from crashing when $USER is empty (easy to do). If
you want to run slock as a different user, don't use
$ USER="tom" slock
but doas or sudo which were designed for this purpose.
-rw-r--r-- | slock.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -103,14 +103,14 @@ gethash(void) #if HAVE_SHADOW_H if (hash[0] == 'x' && hash[1] == '\0') { struct spwd *sp; - if (!(sp = getspnam(getenv("USER")))) + if (!(sp = getspnam(pw->pw_name))) die("slock: getspnam: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); hash = sp->sp_pwdp; } #else if (hash[0] == '*' && hash[1] == '\0') { #ifdef __OpenBSD__ - if (!(pw = getpwnam_shadow(getenv("USER")))) + if (!(pw = getpwuid_shadow(getuid()))) die("slock: getpwnam_shadow: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); hash = pw->pw_passwd; #else |