Synopsis: Uses cwd before filling it in, doesn't use syslog State-Changed-From-To: open-analyzed State-Changed-By: marc State-Changed-When: Sat Jul 26 00:43:10 PDT 1997 State-Changed-Why: The references to cwd before it is set are in error, however the getcwd() is after the setuid() on purpose due to issues with NFS mapping root --> nobody. The fix will probably involve changing the uses of cwd before it is set. I see nothing wrong with the *printf*'s you claimed were a problem. They are not printing to a string, but to a file descriptor so there is no buffer to overflow.
We will consider if we want to include some form of your syslog modifications. Thanks.
