use getpeereid

x11/kde/libs2/patches/patch-kdesu_client_cpp

@@ -0,0 +1,52 @@
+$OpenBSD: patch-kdesu_client_cpp,v 1.1 2002/04/08 21:28:02 espie Exp $
+--- kdesu/client.cpp.orig	Mon Apr  8 20:39:08 2002
++++ kdesu/client.cpp	Mon Apr  8 20:49:44 2002
+@@ -98,10 +98,27 @@ int KDEsuClient::connect()
+ 	return -1;
+     }
+ 
+-#if !defined(SO_PEERCRED) || !defined(HAVE_STRUCT_UCRED)
+-#ifdef __GNUC__
+-#warning "Using sloppy security checks"
+-#endif
++#if defined(__OpenBSD__)
++    {
++    uid_t euid;
++    gid_t egid;
++
++	// Security: if socket exists, we must own it
++	if (getpeereid(sockfd, &euid, &egid) == 0)
++	{
++	    if (euid != getuid())
++	    {
++		kdWarning(900) << "socket not owned by me! socket uid = " << euid << endl;
++		close(sockfd); sockfd = -1;
++		return -1;
++	    }
++	}
++    }
++#else
++# if !defined(SO_PEERCRED) || !defined(HAVE_STRUCT_UCRED)
++#  ifdef __GNUC__
++#   warning "Using sloppy security checks"
++#  endif
+     // We check the owner of the socket after we have connected.
+     // If the socket was somehow not ours an attacker will be able
+     // to delete it after we connect but shouldn't be able to
+@@ -125,7 +142,7 @@ int KDEsuClient::connect()
+ 	close(sockfd); sockfd = -1;
+ 	return -1;
+     }
+-#else
++# else
+     struct ucred cred;
+     socklen_t siz = sizeof(cred);
+ 
+@@ -139,6 +156,7 @@ int KDEsuClient::connect()
+             return -1;
+         }
+     }
++# endif
+ #endif
+ 
+     return 0;