fix major security hole for dm; use vfork, not fork

author Keith Bostic <bostic@ucbvax.Berkeley.EDU>

Mon, 21 Sep 1987 02:21:13 +0000 (18:21 -0800)

committer Keith Bostic <bostic@ucbvax.Berkeley.EDU>

Mon, 21 Sep 1987 02:21:13 +0000 (18:21 -0800)
author Keith Bostic <bostic@ucbvax.Berkeley.EDU>
Mon, 21 Sep 1987 02:21:13 +0000 (18:21 -0800)
committer Keith Bostic <bostic@ucbvax.Berkeley.EDU>
Mon, 21 Sep 1987 02:21:13 +0000 (18:21 -0800)
diff --git a/usr/src/old/btlgammon/btlgammon.c b/usr/src/old/btlgammon/btlgammon.c

index fa90e97..7504140 100644 (file)
--- a/usr/src/old/btlgammon/btlgammon.c
+++ b/usr/src/old/btlgammon/btlgammon.c
@@ -139,9 +139,14 @@ retry:
                         exit(0);
  
                 case '!':                       /* escape to Shell */
                         exit(0);
  
                 case '!':                       /* escape to Shell */
+#ifdef ADD_A_MAJOR_SECURITY_HOLE
                         if(s[1] != '\0')
                                 system(s+1);
                         if(s[1] != '\0')
                                 system(s+1);
-                       else if((pid = fork()) == 0) {
+                       else
+#endif
+                       if (!(pid = vfork()) == 0) {
+                               (void)setuid(getuid());
+                               (void)setgid(getgid());
                                 execl("/bin/sh", "sh", "-", 0);
                                 fprintf(stderr, "back: cannot exec /bin/sh!\n");
                                 exit(2);
                                 execl("/bin/sh", "sh", "-", 0);
                                 fprintf(stderr, "back: cannot exec /bin/sh!\n");
                                 exit(2);
author	Keith Bostic <bostic@ucbvax.Berkeley.EDU>
	Mon, 21 Sep 1987 02:21:13 +0000 (18:21 -0800)
committer	Keith Bostic <bostic@ucbvax.Berkeley.EDU>
	Mon, 21 Sep 1987 02:21:13 +0000 (18:21 -0800)