Subject: /sbin/route should use geteuid()
To: None <netbsd-bugs@sun-lamp.cs.berkeley.edu>
From: None <carrel@cisco.com>
List: netbsd-bugs
Date: 08/02/1994 23:03:58
>Submitter-Id: net
>Originator: David Carrel
>Organization:
Just a regular guy!
>Confidential: no
>Synopsis: route uses getuid() and should use geteuid()
>Severity: non-critical
>Priority: medium
>Category: bin
>Class: sw-bug
>Release:
>Environment:
NetBSD 1.0_BETA (DAVE) #1: Tue Aug 2 22:01:08 PDT 1994 hp300
Last sup on 1 Aug 1994
>Description:
NetBSD's route(1) uses getuid() to decide if the correct user
is running it. But it would be better to use geteuid() since route can be
run from a setuid program and that is valid.
>How-To-Repeat:
Try to run route from a setuid program
>Fix:
*** route.c.orig Tue Aug 2 22:54:48 1994
--- route.c Tue Aug 2 22:51:31 1994
***************
*** 166,172 ****
argv += optind;
pid = getpid();
! uid = getuid();
if (tflag)
s = open("/dev/null", O_WRONLY, 0);
else
--- 166,172 ----
argv += optind;
pid = getpid();
! uid = geteuid();
if (tflag)
s = open("/dev/null", O_WRONLY, 0);
else
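Review bot: At the changed line `uid = geteuid();`, none of the later uses of uid are visible in this hunk, so please confirm that each one is a privilege check and not an identification of the invoking user, because under a setuid caller the real and effective ids now differ. A one-line comment at the assignment saying that the effective uid is intended, so that route can be run from a setuid program, would keep a later reader from changing it back to getuid().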
------------------------------------------------------------------------------