[PATCH] su code clean up and new config option V.2

[Tito]

On Monday 10 July 2006 05:06, Rob Landley wrote:
> On Sunday 09 July 2006 1:28 pm, Tito wrote:
> > On Sunday 9 July 2006 15:51, Tito wrote:
> >  Hi,
> >
> >  this is an improved version of the previous patch:
> > >1) removes an a lot of #ifdef's from su.c
> > >2) adds a new config option to enable/disable syslogging in su
> > >	(it now loggs successes and failures!!!)
> >
> > 3)  size is about the same as before with syslogging enabled.
> > 4) fixes a potential issue with struct passwd *pw making old_user =
> > opt_username  (new_user)
> 
> Applied, with further cleanups.
> 
> What's the issue with #4?

If getlogin fails we use getpwuid  to initialise old_user

        old_user = getlogin ( );
        if ( !old_user ) 
      { 
                  pw = getpwuid ( cur_uid ); 	 
                 old_user = ( pw ? pw->pw_name : "" ); 	 
      }

later we reuse pw

   pw = getpwnam ( opt_username );


so in the end we have 

old_user = pw->pw_name;
opt_username == pw->pw_name;

as the man page says (GETPWNAM(3) ):


       The return value may point to static area, and may  be  overwritten  by
       subsequent calls to getpwent(), getpwnam(), or getpwuid().

so potentially we could have:

old_user == opt_username

this would mess up the logs.
That is why I strdup the first pw->pw_name.

BTW, I was not able to trigger this on my system....
so it is just to be sure.

Ciao,
Tito
> Rob