On Thu, Nov 13, 2003 at 09:26:09PM +0100, Andreas Metzler wrote:
> Matt Zimmerman <[EMAIL PROTECTED]> wrote:
> > On Wed, Nov 12, 2003 at 05:59:09PM +0100, Andreas Metzler wrote:
> > The code does this:
>
> > if (strcmp(pwd->pw_passwd, "*NP*") == 0) { /* NIS+
> > */
> [...]
> > seteuid(save_uid);
>
> > salt = x_strdup(spwdent->sp_pwdp);
> > } else {
> > salt = x_strdup(pwd->pw_passwd);
> > }
>
> > Obviously, seteuid isn't going to work when we aren't root.
>
> That is NIS+ not NIS.
Do we have two problems instead of one, then? I suppose that since it
doesn't check the return code, and the euid should already be that of the
user whose password is being checked, it should work...some code should
probably be added to skip seteuid if it is not running setuid.
--
- mdz
