[src/trunk]: src/lib/libc/resolv Put back issetugid() check for hostaliases.

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/3e5052ebc588
branches:  trunk
changeset: 570121:3e5052ebc588
user:      christos <christos%NetBSD.org@localhost>
date:      Sat Sep 25 05:33:01 2004 +0000

description:
Put back issetugid() check for hostaliases.
XXX: this is suboptimal, It would be better if we propelry checked
for access.

diffstat:

 lib/libc/resolv/res_query.c |  11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

diffs (39 lines):

diff -r 7f9714bdcd24 -r 3e5052ebc588 lib/libc/resolv/res_query.c
--- a/lib/libc/resolv/res_query.c       Sat Sep 25 05:21:03 2004 +0000
+++ b/lib/libc/resolv/res_query.c       Sat Sep 25 05:33:01 2004 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: res_query.c,v 1.5 2004/05/21 16:03:05 christos Exp $   */
+/*     $NetBSD: res_query.c,v 1.6 2004/09/25 05:33:01 christos Exp $   */
 
 /*
  * Copyright (c) 1988, 1993
@@ -76,7 +76,7 @@
 static const char sccsid[] = "@(#)res_query.c  8.1 (Berkeley) 6/4/93";
 static const char rcsid[] = "Id: res_query.c,v 1.2.2.3.4.2 2004/03/16 12:34:19 marka Exp";
 #else
-__RCSID("$NetBSD: res_query.c,v 1.5 2004/05/21 16:03:05 christos Exp $");
+__RCSID("$NetBSD: res_query.c,v 1.6 2004/09/25 05:33:01 christos Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -94,6 +94,7 @@
 #include <resolv.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <unistd.h>
 #include <string.h>
 #include "port_after.h"
 
@@ -419,6 +420,12 @@
 
        if (statp->options & RES_NOALIASES)
                return (NULL);
+       /*
+        * forbid hostaliases for setuid binary, due to possible security
+        * breach.
+        */
+       if (issetugid())
+               return (NULL);
        file = getenv("HOSTALIASES");
        if (file == NULL || (fp = fopen(file, "r")) == NULL)
                return (NULL);