From 1ac73728e4fb9188de899a35eb12fe3adad86b1d Mon Sep 17 00:00:00 2001 From: Theo de Raadt Date: Mon, 26 Aug 1996 00:17:29 +0000 Subject: use issetugid() to protect against bad getenv --- lib/libc/db/btree/bt_open.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'lib/libc/db') diff --git a/lib/libc/db/btree/bt_open.c b/lib/libc/db/btree/bt_open.c index 5cf95665d9b..fecc36c4000 100644 --- a/lib/libc/db/btree/bt_open.c +++ b/lib/libc/db/btree/bt_open.c @@ -35,7 +35,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: bt_open.c,v 1.3 1996/08/19 08:20:07 tholo Exp $"; +static char rcsid[] = "$OpenBSD: bt_open.c,v 1.4 1996/08/26 00:17:14 deraadt Exp $"; #endif /* LIBC_SCCS and not lint */ /* @@ -388,10 +388,11 @@ tmp() { sigset_t set, oset; int fd; - char *envtmp; + char *envtmp = NULL; char path[MAXPATHLEN]; - envtmp = getenv("TMPDIR"); + if (issetugid() == 0) + envtmp = getenv("TMPDIR"); (void)snprintf(path, sizeof(path), "%s/bt.XXXXXX", envtmp ? envtmp : "/tmp"); -- cgit v1.2.3