Note: This patch is not enough to for all cases of running mhonarc
as SUID. Trying to make MHonArc taint safe would be some work.
Hence, this patch will not be incorporated into the standard release,
but it does show you what you can do to make mhonarc run as a SUID
script.
--- Begin Message ---
I use this tiny patch versus the latest version of mhonarc to allow
the program to be ran from an SGID wrapper. I haven't encountered any
problems with it, but I have not looked enough at the code to
guarantee that there are no other places that needs modification. The
patch should not be used if the user can not guarantee that opt_outdir
does not contain "bad characters".
--- mhonarc~ Thu Mar 20 17:54:27 1997
+++ mhonarc Thu Mar 20 18:18:41 1997
@@ -169,6 +169,7 @@
);
&usage() if defined($opt_help);
&version() if defined($opt_v);
+ $opt_outdir =~ /^(.*)$/; $opt_outdir=$1; # Untaint
## These options have NO resource file equivalent.
##
--
Rune Frøysa, IT-Seksjonen UB, UiO. Private e-mail:
runefr(_at_)ifi(_dot_)uio(_dot_)no
WWW: http://www.ifi.uio.no/~runefr/ Work e-mail:
rune(_dot_)froysa(_at_)ub(_dot_)uio(_dot_)no
Amnesty: http://www.amnesty.no Pb 1059 Blindern, 0316 Oslo
--- End Message ---
