[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#155583: radiusd-freeradius history and future

On Thu, Nov 13, 2003 at 09:26:09PM +0100, Andreas Metzler wrote:

> Matt Zimmerman <mdz@debian.org> wrote:
> > On Wed, Nov 12, 2003 at 05:59:09PM +0100, Andreas Metzler wrote:
> > The code does this:
> 
> >               if (strcmp(pwd->pw_passwd, "*NP*") == 0) {      /* NIS+ 
> > */
> [...]
> >                       seteuid(save_uid);
> 
> >                       salt = x_strdup(spwdent->sp_pwdp);
> >               } else {
> >                       salt = x_strdup(pwd->pw_passwd);
> >               }
> 
> > Obviously, seteuid isn't going to work when we aren't root.
> 
> That is NIS+ not NIS.

Do we have two problems instead of one, then?  I suppose that since it
doesn't check the return code, and the euid should already be that of the
user whose password is being checked, it should work...some code should
probably be added to skip seteuid if it is not running setuid.

-- 
 - mdz
Reply to: