- Allow DGLAUTH as additional variable to pass login data,
   prioritized ahead of USER and LOGNAME. (Marc H. Thoben)
 - Empty autologin variables before running any external
   software. (Edoardo Spadolini)
 - Remove -f parameter to prevent privilege escalation.
   (Edoardo Spadolini)

Update documentation to reflect the changes.
This commit is contained in:
Pasi Kallinen 2012-03-17 14:45:53 +02:00
parent 7c0741110e
commit 41d7edf4a4
2 changed files with 12 additions and 16 deletions

6
README
View File

@ -10,9 +10,9 @@ Crawl (http://crawl.develz.org).
DGAMELAUNCH VERSIONS
====================
Development version can be fetched from the source repository with subversion:
Development version can be fetched from the source repository with git:
svn co svn://triplehelix.org/dgamelaunch/trunk
git clone git://github.com/paxed/dgamelaunch.git
Releases are downloadable at http://alt.org/nethack/dgamelaunch/
@ -153,7 +153,6 @@ COMMANDLINE PARAMETERS
-a Ignored.
-e Ignored.
-f file Read configuration from file.
-h Ignored.
-i user Autologin and run the register -command hook for "user"
(with password "user").
@ -173,6 +172,7 @@ ENVIRONMENT VARIABLES
while FreeBSD does not. FreeBSD, on the other hand, does allow the LOGNAME
environment variable. Dgamelaunch will first check USER, then LOGNAME,
for "username:password", and tries autologin if either exists.
Dgamelaunch-specific DGLAUTH is checked before either of those.
ERROR CODES

View File

@ -2594,12 +2594,16 @@ main (int argc, char** argv)
argv = saved_argv;
#endif
p = getenv("USER");
p = getenv("DGLAUTH");
/* Linux telnetd allows importing the USER envvar via telnet,
* while FreeBSD does not. FreeBSD, on the other hand, does allow
* the LOGNAME envvar. Check USER first, then LOGNAME.
*/
if (p == NULL) {
p = getenv("USER");
}
if (p == NULL) {
p = getenv("LOGNAME");
}
@ -2608,9 +2612,12 @@ main (int argc, char** argv)
auth = strdup(p);
/* else auth is still NULL */
/* just to be sure */
unsetenv("DGLAUTH"); unsetenv("USER"); unsetenv("LOGNAME");
__progname = basename(strdup(argv[0]));
while ((c = getopt(argc, argv, "sqh:pf:i:aeW:SD")) != -1)
while ((c = getopt(argc, argv, "sqh:pi:aeW:SD")) != -1)
{
switch (c)
{
@ -2620,17 +2627,6 @@ main (int argc, char** argv)
case 'q':
silent = 1; break;
case 'f':
if (config)
{
if (!silent)
fprintf(stderr, "warning: using %s\n", argv[optind]);
free(config);
}
config = strdup(optarg);
break;
case 'i':
if (optarg && *optarg != '\0') {
if (p && *p != '\0')