encrypted passwords while editing.
SCCS-vsn: usr.sbin/vipw/pw_util.c 5.5
-static char sccsid[] = "@(#)pw_util.c 8.1 (Berkeley) %G%";
+static char sccsid[] = "@(#)pw_util.c 5.5 (Berkeley) %G%";
#include <sys/wait.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <sys/time.h>
#include <sys/resource.h>
-#include <paths.h>
-#include <string.h>
extern char *progname;
extern char *tempname;
extern char *progname;
extern char *tempname;
{
/*
* If the master password file doesn't exist, the system is hosed.
{
/*
* If the master password file doesn't exist, the system is hosed.
- * Might as well try to build one.
+ * Might as well try to build one. Set the close-on-exec bit so
+ * that users can't get at the encrypted passwords while editing.
* Open should allow flock'ing the file; see 4.4BSD. XXX
*/
lockfd = open(_PATH_MASTERPASSWD, O_RDONLY, 0);
* Open should allow flock'ing the file; see 4.4BSD. XXX
*/
lockfd = open(_PATH_MASTERPASSWD, O_RDONLY, 0);
+ if (lockfd < 0 || fcntl(lockfd, F_SETFD, 1) == -1) {
(void)fprintf(stderr, "%s: %s: %s\n",
progname, _PATH_MASTERPASSWD, strerror(errno));
exit(1);
(void)fprintf(stderr, "%s: %s: %s\n",
progname, _PATH_MASTERPASSWD, strerror(errno));
exit(1);
- (void)sprintf(p, "%s.XXXXXX", progname);
+ (void)snprintf(p, sizeof(path), "%s.XXXXXX", progname);
if ((fd = mkstemp(path)) == -1) {
(void)fprintf(stderr,
"%s: %s: %s\n", progname, path, strerror(errno));
if ((fd = mkstemp(path)) == -1) {
(void)fprintf(stderr,
"%s: %s: %s\n", progname, path, strerror(errno));
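Review bot: The bound given to `snprintf` in the temp-file hunk is `sizeof(path)`, but the write starts at `p`, not at `path`. The assignment of `p` is outside the visible lines, as are the start and end of the enclosing function; if `p` points past the start of `path`, the call may still write up to `p - path` bytes beyond the array. The limit should be the space remaining from `p`, for example `(void)snprintf(p, sizeof(path) - (p - path), "%s.XXXXXX", progname);`. The return value is also discarded, so a truncated template is caught only indirectly when `mkstemp` rejects it, and an explicit length check would give a clearer error. In the lock hunk, `fcntl(lockfd, F_SETFD, 1)` would state its intent better with the named flag `FD_CLOEXEC`.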