fix major security hole for dm; use vfork, not fork
authorKeith Bostic <bostic@ucbvax.Berkeley.EDU>
Mon, 21 Sep 1987 02:21:13 +0000 (18:21 -0800)
committerKeith Bostic <bostic@ucbvax.Berkeley.EDU>
Mon, 21 Sep 1987 02:21:13 +0000 (18:21 -0800)
SCCS-vsn: old/btlgammon/btlgammon.c 1.2

usr/src/old/btlgammon/btlgammon.c

index fa90e97..7504140 100644 (file)
@@ -139,9 +139,14 @@ retry:
                        exit(0);
 
                case '!':                       /* escape to Shell */
                        exit(0);
 
                case '!':                       /* escape to Shell */
+#ifdef ADD_A_MAJOR_SECURITY_HOLE
                        if(s[1] != '\0')
                                system(s+1);
                        if(s[1] != '\0')
                                system(s+1);
-                       else if((pid = fork()) == 0) {
+                       else
+#endif
+                       if (!(pid = vfork()) == 0) {
+                               (void)setuid(getuid());
+                               (void)setgid(getgid());
                                execl("/bin/sh", "sh", "-", 0);
                                fprintf(stderr, "back: cannot exec /bin/sh!\n");
                                exit(2);
                                execl("/bin/sh", "sh", "-", 0);
                                fprintf(stderr, "back: cannot exec /bin/sh!\n");
                                exit(2);