bktruss / fern-wifi-cracker

Automatically exported from code.google.com/p/fern-wifi-cracker
0 stars 0 forks source link

Fern checks LOGNAME when it should be checking EUID. #71

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
In `core/fern.py`, the environmental variable `LOGNAME` is checked against the
string 'root' to determine the process's capabilities. This can cause problems
in certain situations.

For example, when running Fern with sudo with the `set_logname` option
disabled, the program may fail to determine the correct capabilities of the
process.

A superuser is no guaranteed to have the name 'root' and the name 'root' is no
guaranteed to be associated with a superuser.

Also, the program is not guaranteed to be passed the `LOGNAME` environmental
variable.

To determine the capabilities of the process, you should check its EUID.

In the code,

    if os.getenv('LOGNAME','none').lower() != 'root':

should be

    if os.geteuid() != 0:

This bug is present in Fern version 133.

Original issue reported on code.google.com by TeitelmanEvan@gmail.com on 22 Jul 2013 at 10:49

GoogleCodeExporter commented 9 years ago
"Fern version 133" should be "Fern revision 217 and earlier."

Original comment by TeitelmanEvan@gmail.com on 22 Jul 2013 at 11:06

GoogleCodeExporter commented 9 years ago
Bug has been fixed, Thank you for the report :)

Original comment by saviob...@rocketmail.com on 23 Jul 2013 at 5:39