From e143f23c237e523758173e65ff8fdd2966ed938b Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 9 Jul 1998 13:37:17 +0000
Subject: fixed severe exploit

---
 util/ChangeLog |  4 ++++
 util/secmem.c  | 10 +++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

(limited to 'util')

diff --git a/util/ChangeLog b/util/ChangeLog
index 661914645..6b4a76fd8 100644
--- a/util/ChangeLog
+++ b/util/ChangeLog
@@ -1,3 +1,7 @@
+Thu Jul  9 14:47:20 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* secmem.c (secmem_init): Drops setuid if called with 0.
+
 Tue Jul  7 11:49:25 1998  Werner Koch  (wk@isil.d.shuttle.de)
 
 	* logger.c (log_set_filename): New.
diff --git a/util/secmem.c b/util/secmem.c
index b1d86ebf1..4721bcd91 100644
--- a/util/secmem.c
+++ b/util/secmem.c
@@ -153,8 +153,16 @@ secmem_get_flags(void)
 void
 secmem_init( size_t n )
 {
-    if( !n )
+    if( !n ) {
+	uid_t uid;
+
 	disable_secmem=1;
+	uid = getuid();
+	if( uid != geteuid() ) {
+	    if( setuid( uid ) )
+		log_fatal("failed to drop setuid\n" );
+	}
+    }
     else {
 	if( n < DEFAULT_POOLSIZE )
 	    n = DEFAULT_POOLSIZE;
-- 
cgit v1.2.3