Fix security hole in krcp.c
authorTheodore Tso <tytso@mit.edu>
Thu, 2 Jun 1994 16:17:47 +0000 (16:17 +0000)
committerTheodore Tso <tytso@mit.edu>
Thu, 2 Jun 1994 16:17:47 +0000 (16:17 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3658 dc483132-0cff-0310-8789-dd5450dbe970

src/appl/bsd/krcp.c

index 361574927b71f145cf1a47d50afd45f9fcd72672..f874ce0649e61a714864c65d270aa992936f332a 100644 (file)
@@ -442,7 +442,9 @@ main(argc, argv)
                    if (encryptflag)
                      send_auth();
                }
+               (void) setreuid(0, userid);
                sink(1, argv+argc-1);
+               (void) setreuid(userid, 0);
 #else
                rem = rcmd(&host, port, pwd->pw_name, suser,
                           buf, 0);