$OpenBSD: patch-kdesu_client_cpp,v 1.1 2002/04/09 22:29:15 espie Exp $
--- kdesu/client.cpp.orig	Sat Jan 26 17:57:06 2002
+++ kdesu/client.cpp	Tue Apr  9 20:19:23 2002
@@ -104,9 +104,23 @@ int KDEsuClient::connect()
     }
 
 #if !defined(SO_PEERCRED) || !defined(HAVE_STRUCT_UCRED)
-#ifdef __GNUC__
-#warning "Using sloppy security checks"
-#endif
+# if defined(HAVE_GETPEEREID)
+    uid_t euid;
+    gid_t egid;
+    // Security: if socket exists, we must own it
+    if (getpeereid(sockfd, &euid, &egid) == 0)
+    {
+       if (euid != getuid())
+       {
+            kdWarning(900) << "socket not owned by me! socket uid = " << euid << endl;
+            close(sockfd); sockfd = -1;
+            return -1;
+       }
+    }
+# else
+#  ifdef __GNUC__
+#   warning "Using sloppy security checks"
+#  endif
     // We check the owner of the socket after we have connected.
     // If the socket was somehow not ours an attacker will be able
     // to delete it after we connect but shouldn't be able to
@@ -130,6 +144,7 @@ int KDEsuClient::connect()
 	close(sockfd); sockfd = -1;
 	return -1;
     }
+# endif
 #else
     struct ucred cred;
     socklen_t siz = sizeof(cred);
