Pine port..
Maybe it would make sense to change the PASSWD_PROG definition in the pine/os.h
file from a full name to a relative one, since it breaks functionality when
you use restricted shells. (I would actually like to see all `system'
things being removed and replaced with vfork/exec pairs, but this is a
bunch of work to do). I don't think it would breach security since with
restricted shells the PATH variable is under control, and with non-restricted
shells it doesn't matter. The only thing is that if a user had some
evil PATH, like /tmp:.:/bin:/usr/bin; then he could be led to run a trojaned
version of passwd, but in this case he is to blame for his stupidity..

something like this would be cool:
--- os.h.orig Thu May 14 18:55:27 1998
+++ os.h Thu Aug 26 18:56:42 1999
@@ -223,7 +223,7 @@
/*--------- Program employed by users to change their password ---------*/
-#define PASSWD_PROG "/usr/bin/passwd"
+#define PASSWD_PROG "passwd"
/*-------------- A couple constants used to size arrays ----------------*/
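Review bot: with `PASSWD_PROG` defined as a bare `"passwd"` on the `+#define` line, the binary that runs is chosen by whatever PATH the process has at call time, so the password-change helper is no longer pinned to a known file. Consider keeping `"/usr/bin/passwd"` as the default and wrapping the define in `#ifndef PASSWD_PROG`, so a restricted-shell build can override it at compile time without changing the default for everyone else. If the relative form is kept, the comment above the define should say that the value is resolved through PATH.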
--
fygrave@tigerteam.net http://www.kalug.lug.net