From NetBSD: Warn about potentially unsafe uid/gid overrides.

diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c
index 0d22bd5..c487b93 100644 (file)
--- a/usr.sbin/pwd_mkdb/pwd_mkdb.c
+++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c
@@ -1,4 +1,5 @@
-/*     $OpenBSD: pwd_mkdb.c,v 1.9 1997/01/15 23:44:14 millert Exp $    */
+/*     $OpenBSD: pwd_mkdb.c,v 1.10 1997/01/16 03:58:23 millert Exp $   */
+
 /*-
  * Copyright (c) 1991, 1993, 1994
  *     The Regents of the University of California.  All rights reserved.
@@ -40,8 +41,11 @@ static char copyright[] =
 #endif /* not lint */
 
 #ifndef lint
-/*static char sccsid[] = "from: @(#)pwd_mkdb.c 8.5 (Berkeley) 4/20/94";*/
-static char *rcsid = "$Id: pwd_mkdb.c,v 1.9 1997/01/15 23:44:14 millert Exp $";
+#if 0
+static char sccsid[] = "from: @(#)pwd_mkdb.c   8.5 (Berkeley) 4/20/94";
+#else
+static char *rcsid = "$OpenBSD: pwd_mkdb.c,v 1.10 1997/01/16 03:58:23 millert Exp $";
+#endif
 #endif /* not lint */
 
 #include <sys/param.h>
@@ -204,6 +208,14 @@ main(argc, argv)
                if((pwd.pw_name[0] == '+') || (pwd.pw_name[0] == '-'))
                        hasyp++;
 
+               /* Warn about potentially unsafe uid/gid overrides. */
+               if (pwd.pw_name[0] == '+') {
+                       if ((flags & _PASSWORD_NOUID) == 0 && pwd.pw_uid == 0)
+                               warnx("line %d: superuser override in YP inclusion", cnt);
+                       if ((flags & _PASSWORD_NOGID) == 0 && pwd.pw_gid == 0)
+                               warnx("line %d: wheel override in YP inclusion", cnt);
+               }
+
                /* Create insecure data. */
                p = buf;
                COMPACT(pwd.pw_name);