$OpenBSD: patch-common_d_util_c,v 1.3 2001/08/08 23:31:23 naddy Exp $
--- common_d/util.c.orig	Sat Feb  5 08:26:22 2000
+++ common_d/util.c	Wed Aug  8 01:32:14 2001
@@ -491,13 +491,20 @@ util_loginname(void)
 	}
 	endpwent();
 
-	/* Try the LOGNAME environment variable */
+  /*
+  ** Never ever use environment variables for that. :-)
+  ** that leads to buffer overflows in other parts of the code
+  ** thomas@suse.de
+
+	/* Try the LOGNAME environment variable
 	if ((cp = (char *) getenv("LOGNAME")) != NULL)
 		return (cp);
 
-	/* Try the USER environment variable */
+	/* Try the USER environment variable
 	if ((cp = (char *) getenv("USER")) != NULL)
 		return (cp);
+  */
+
 #endif
 	/* If we still can't get the login name, just set it
 	 * to "nobody" (shrug).
@@ -531,13 +538,20 @@ util_homedir(uid_t uid)
 	}
 	endpwent();
 
-	/* Try the HOME environment variable */
+
+  /*
+  ** Never ever use environment variables for that.  :-)
+  ** that leads to buffer overflows in other parts of the code
+  ** thomas@suse.de
+
+	/* Try the HOME environment variable
 	if (uid == ouid && (cp = (char *) getenv("HOME")) != NULL)
 		return (cp);
 
-	/* If we still can't get the home directory, just set it to the
+	 * If we still can't get the home directory, just set it to the
 	 * current directory (shrug).
 	 */
+
 	return (".");
 #else
 	char		*cp;
@@ -623,7 +637,7 @@ util_mkdir(char *path, mode_t mode)
 	 */
 	if (stat(path, &stbuf) < 0) {
 		if (errno == ENOENT) {
-			if (mkdir(path, 0777) < 0)
+			if (mkdir(path, 0700) < 0)
 				return FALSE;
 		}
 		else
