From: deraadt <deraadt@openbsd.org>
Date: Wed, 11 Sep 1996 19:22:46 +0000 (+0000)
Subject: protect $HOME expansion; from das33@cornell.edu
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=65d8077b04fd53b7c5c0fded1ec504848b0ad645;p=openbsd

protect $HOME expansion; from das33@cornell.edu
---

diff --git a/lib/libc/gen/glob.c b/lib/libc/gen/glob.c
index 9f43dc306c7..057a17343cc 100644
--- a/lib/libc/gen/glob.c
+++ b/lib/libc/gen/glob.c
@@ -35,7 +35,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-static char rcsid[] = "$OpenBSD: glob.c,v 1.2 1996/08/19 08:24:20 tholo Exp $";
+static char rcsid[] = "$OpenBSD: glob.c,v 1.3 1996/09/11 19:22:46 deraadt Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 /*
@@ -355,7 +355,7 @@ globtilde(pattern, patbuf, pglob)
 		 * handle a plain ~ or ~/ by expanding $HOME 
 		 * first and then trying the password file
 		 */
-		if ((h = getenv("HOME")) == NULL) {
+		if (issetugid() != 0 || (h = getenv("HOME")) == NULL) {
 			if ((pwd = getpwuid(getuid())) == NULL)
 				return pattern;
 			else