From e143f23c237e523758173e65ff8fdd2966ed938b Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 9 Jul 1998 13:37:17 +0000
Subject: fixed severe exploit

---
 cipher/dynload.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'cipher/dynload.c')

diff --git a/cipher/dynload.c b/cipher/dynload.c
index e22731702..a8c01f259 100644
--- a/cipher/dynload.c
+++ b/cipher/dynload.c
@@ -22,6 +22,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
 #ifdef HAVE_DL_DLOPEN
   #include <dlfcn.h>
 #endif
@@ -109,7 +110,11 @@ load_extension( EXTLIST el )
     int seq = 0;
     int class, vers;
 
+    /* make sure we are not setuid */
+    if( getuid() != geteuid() )
+	log_bug("trying to load an extension while still setuid\n");
 
+    /* now that we are not setuid anymore, we can safely load modules */
     el->handle = dlopen(el->name, RTLD_NOW);
     if( !el->handle ) {
 	log_error("%s: error loading extension: %s\n", el->name, dlerror() );
-- 
cgit v1.2.3