2 files changed, 15 insertions, 6 deletions

diff --git a/login-utils/login.c b/login-utils/login.c
index 0ec16ad51..8088878a5 100644
--- a/login-utils/login.c
+++ b/login-utils/login.c
@@ -201,7 +201,6 @@ int	kerror = KSUCCESS, notickets = 1;
 #endif
 
 #define	TTYGRPNAME	"tty"		/* name of group to own ttys */
-/**#  define TTYGRPNAME      "other" **/
 
 #ifndef MAXPATHLEN
 #  define MAXPATHLEN 1024
@@ -238,11 +237,6 @@ struct	ltchars ltc = {
 };
 #endif
 
-const char *months[] = {
-	"Jan", "Feb", "Mar", "Apr", "May", "Jun",
-	"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
-};
-
 /* Nice and simple code provided by Linus Torvalds 16-Feb-93 */
 /* Nonblocking stuff by Maciej W. Rozycki, macro@ds2.pg.gda.pl, 1999.
    He writes: "Login performs open() on a tty in a blocking mode.
diff --git a/login-utils/simpleinit.c b/login-utils/simpleinit.c
index cf33fe146..093c00303 100644
--- a/login-utils/simpleinit.c
+++ b/login-utils/simpleinit.c
@@ -13,6 +13,8 @@
  * - block signals in handlers, so that longjmp() doesn't kill context
  * 2001-02-25 Richard Gooch <rgooch@atnf.csiro.au>
  * - make default INIT_PATH the boot_prog (if it is a directory) - YECCH
+ * 2002-11-20 patch from SuSE
+ * - refuse initctl_fd if setting FD_CLOEXEC fails
  */
 
 #include <sys/types.h>
@@ -204,6 +206,19 @@ int main(int argc, char *argv[])
 			err ( _("error opening fifo\n") );
 	}
 
+	if (initctl_fd >= 0 && fcntl(initctl_fd, F_SETFD, FD_CLOEXEC) != 0) {
+		err ( _("error setting close-on-exec on /dev/initctl") );
+
+		/* Can the fcntl ever fail?  If it does, and we leave
+		   the descriptor open in child processes, then any
+		   process on the system will be able to write to
+		   /dev/initctl and have us execute arbitrary commands
+		   as root. So let's refuse to use the fifo in this case. */
+
+		close(initctl_fd);
+		initctl_fd = -1;
+	}
+
 	if ( want_single || (access (_PATH_SINGLE, R_OK) == 0) ) do_single ();
 
 	/*If we get a SIGTSTP before multi-user mode, do nothing*/