From NetBSD: Warn about potentially unsafe uid/gid overrides.

1 files changed, 15 insertions, 3 deletions

diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c
index 0d22bd53db1..c487b932b00 100644
--- a/usr.sbin/pwd_mkdb/pwd_mkdb.c
+++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c
@@ -1,4 +1,5 @@
-/*	$OpenBSD: pwd_mkdb.c,v 1.9 1997/01/15 23:44:14 millert Exp $	*/
+/*	$OpenBSD: pwd_mkdb.c,v 1.10 1997/01/16 03:58:23 millert Exp $	*/
+
 /*-
  * Copyright (c) 1991, 1993, 1994
  *	The Regents of the University of California.  All rights reserved.
@@ -40,8 +41,11 @@ static char copyright[] =
 #endif /* not lint */
 
 #ifndef lint
-/*static char sccsid[] = "from: @(#)pwd_mkdb.c	8.5 (Berkeley) 4/20/94";*/
-static char *rcsid = "$Id: pwd_mkdb.c,v 1.9 1997/01/15 23:44:14 millert Exp $";
+#if 0
+static char sccsid[] = "from: @(#)pwd_mkdb.c	8.5 (Berkeley) 4/20/94";
+#else
+static char *rcsid = "$OpenBSD: pwd_mkdb.c,v 1.10 1997/01/16 03:58:23 millert Exp $";
+#endif
 #endif /* not lint */
 
 #include <sys/param.h>
@@ -204,6 +208,14 @@ main(argc, argv)
 		if((pwd.pw_name[0] == '+') || (pwd.pw_name[0] == '-'))
 			hasyp++;
 
+		/* Warn about potentially unsafe uid/gid overrides. */
+		if (pwd.pw_name[0] == '+') {
+			if ((flags & _PASSWORD_NOUID) == 0 && pwd.pw_uid == 0)
+				warnx("line %d: superuser override in YP inclusion", cnt);
+			if ((flags & _PASSWORD_NOGID) == 0 && pwd.pw_gid == 0)
+				warnx("line %d: wheel override in YP inclusion", cnt);
+		}
+
 		/* Create insecure data. */
 		p = buf;
 		COMPACT(pwd.pw_name);