From b323d47d85dd7adfca3e6eb7d0c67212ee853516 Mon Sep 17 00:00:00 2001
From: Alan <etchedpixels@gmail.com>
Date: Wed, 30 May 2018 11:46:29 +0100
Subject: [PATCH] su: security fixes

---
 Applications/util/su.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/Applications/util/su.c b/Applications/util/su.c
index c8583f32..e2bbf358 100644
--- a/Applications/util/su.c
+++ b/Applications/util/su.c
@@ -5,9 +5,10 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <fcntl.h>
 
 /* True if the invoker need not give a password. */
-#define privileged()	(getgid() == 0)
+#define privileged()	(getuid() == 0)
 
 static char *shell1 = "/bin/sh";
 static char *shell2 = "/usr/bin/sh";
@@ -17,11 +18,19 @@ static char USER[20], LOGNAME[25], HOME[100], SHELL[100];
 
 int main(int argc, char *argv[])
 {
-    register char *name, *password;
-    register struct passwd *pwd;
+    const char *name;
+    char *password;
+    struct passwd *pwd;
     int  login_shell = 0;
+    int  fd;
     char *shell, arg0[20];
 
+    /* Stop people trying funny stuff like running it with handle 2 closed
+       and making stderr write to the password file ! */
+    fd = open("/dev/null", O_RDONLY);
+    if (fd == -1 || fd < 3)
+	exit(1);
+
     if (argc > 1 && strcmp(argv[1], "-") == 0) {
 	login_shell = 1;	/* Read .profile */
 	argv[1] = argv[0];
-- 
2.34.1