Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!rpi!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!ames!pasteur!helios.ee.lbl.gov!nosc!crash!pnet01!cwr
From: cwr@pnet01.cts.com (Will Rose)
Newsgroups: comp.os.minix
Subject: Patch to PC 1.5.0 login.c
Message-ID: <1382@crash.cts.com>
Date: 7 Feb 90 04:36:04 GMT
Sender: root@crash.cts.com
Organization: People-Net [pnet01], El Cajon CA
Lines: 65

While writing a version of ps for PC Minix 1.5.0, I came across a couple
of places where information on command parameters was discarded; one was
in execvn, for which I recently posted a fix, and one was in login, for
which the fix follows.
 
By the way, login accepts a username argument only if you're root; if login
itself is setuid root, there's a massive security hole.  Is this as it
should be?
 
Will
 
-------------------------------------------------------------------------
   "The vocabulary of Bradshaw is nervous     |
       and terse, but limited."               |   cwr@pnet01.cts.com
           Sir A Conan Doyle.                 |
-------------------------------------------------------------------------
*** Src/login.old       Thu Dec 28 16:22:36 1989
--- Src/login.c Tue Feb  6 11:16:26 1990
***************
*** 61,67 ****
        struct  passwd *pwd;
        struct stat statbuf;
        char   *sh = "/bin/sh";
! 
        /* Reset some of the line parameters in case they have been mashed */
        if ( ioctl(0, TIOCGETP, &args) < 0 ) exit( 1 );
  
--- 61,69 ----
        struct  passwd *pwd;
        struct stat statbuf;
        char   *sh = "/bin/sh";
!       char   buff[32];
!       strcpy(buff, "-");
!  
        /* Reset some of the line parameters in case they have been mashed */
        if ( ioctl(0, TIOCGETP, &args) < 0 ) exit( 1 );
  
***************
*** 156,162 ****
                for ( n = 1;  n <= _NSIG;  ++n )
                    signal( n, SIG_DFL );
  
!               execle( sh, "-", NULL, env );
                write(1,"exec failure\n",13);
                exit(1);
        }
--- 158,165 ----
                for ( n = 1;  n <= _NSIG;  ++n )
                    signal( n, SIG_DFL );
  
!               strcat(buff, sh);
!               execle( sh, buff, NULL, env );
                write(1,"exec failure\n",13);
                exit(1);
        }
-----------------------------------------------------------------------
"If heaven too had passions  | Will Rose
     even heaven would       | UUCP: {nosc ucsd hplabs!hp-sdd}!crash!pnet01!cw
     grow old."  -  Li Ho.   | ARPA: crash!pnet01!cwr@nosc.mil
                             | INET: cwr@pnet01.cts.com


UUCP: {nosc ucsd hplabs!hp-sdd}!crash!pnet01!cwr
ARPA: crash!pnet01!cwr@nosc.mil
INET: cwr@pnet01.cts.com