From 44716a78aa42f999ac618cec1dc04ddb0c2c42e0 Mon Sep 17 00:00:00 2001
From: Mattias Andrée <maandree@operamail.com>
Date: Mon, 18 Nov 2013 18:29:22 +0100
Subject: use tty group
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Mattias Andrée <maandree@operamail.com>
---
 src/cerberus.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

(limited to 'src/cerberus.c')

diff --git a/src/cerberus.c b/src/cerberus.c
index 2199d7b..e3f3f95 100644
--- a/src/cerberus.c
+++ b/src/cerberus.c
@@ -19,6 +19,11 @@
 #include "cerberus.h"
 
 
+#ifndef USE_TTY_GROUP
+#define tty_group  0
+#endif
+
+
 /**
  * Mane method
  * 
@@ -33,6 +38,10 @@ int main(int argc, char** argv)
   char* passphrase = NULL;
   char preserve_env = 0;
   char skip_auth = 0;
+  #ifdef USE_TTY_GROUP
+  gid_t tty_group = 0;
+  struct group* group;
+  #endif
   struct passwd* entry;
   
   
@@ -117,7 +126,11 @@ int main(int argc, char** argv)
   
   
   /* Make sure nopony is spying */
-  secure_tty();
+  #ifdef USE_TTY_GROUP
+  if ((group = getgrnam("tty")))
+    tty_group = group->gr_gid;
+  #endif
+  secure_tty(tty_group);
   
   
   /* Set up clean quiting and time out */
@@ -170,7 +183,7 @@ int main(int argc, char** argv)
   
   
   /* Reset terminal ownership and mode */
-  chown_tty(0, -1, 0);
+  chown_tty(0, tty_group, 0);
   
   return 0;
 }
-- 
cgit v1.2.3-70-g09d2