$OpenBSD: patch-kdesu_client_cpp,v 1.1 2002/04/08 21:28:02 espie Exp $
--- kdesu/client.cpp.orig	Mon Apr  8 20:39:08 2002
+++ kdesu/client.cpp	Mon Apr  8 20:49:44 2002
@@ -98,10 +98,27 @@ int KDEsuClient::connect()
 	return -1;
     }
 
-#if !defined(SO_PEERCRED) || !defined(HAVE_STRUCT_UCRED)
-#ifdef __GNUC__
-#warning "Using sloppy security checks"
-#endif
+#if defined(__OpenBSD__)
+    {
+    uid_t euid;
+    gid_t egid;
+
+	// Security: if socket exists, we must own it
+	if (getpeereid(sockfd, &euid, &egid) == 0)
+	{
+	    if (euid != getuid())
+	    {
+		kdWarning(900) << "socket not owned by me! socket uid = " << euid << endl;
+		close(sockfd); sockfd = -1;
+		return -1;
+	    }
+	}
+    }
+#else
+# if !defined(SO_PEERCRED) || !defined(HAVE_STRUCT_UCRED)
+#  ifdef __GNUC__
+#   warning "Using sloppy security checks"
+#  endif
     // We check the owner of the socket after we have connected.
     // If the socket was somehow not ours an attacker will be able
     // to delete it after we connect but shouldn't be able to
@@ -125,7 +142,7 @@ int KDEsuClient::connect()
 	close(sockfd); sockfd = -1;
 	return -1;
     }
-#else
+# else
     struct ucred cred;
     socklen_t siz = sizeof(cred);
 
@@ -139,6 +156,7 @@ int KDEsuClient::connect()
             return -1;
         }
     }
+# endif
 #endif
 
     return 0;
