Source-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: CVS commit: basesrc
Date: Sun, 30 Apr 2000 21:18:20 +1000
From: matthew green <mrg%eterna.com.au@localhost>
Message-ID: <9239.957093500%eterna.com.au@localhost>
| Modified Files:
| basesrc/lib/libc/net: res_query.c
|
| Log Message:
| don't look at $HOSTALIASES, if issetugid() says the binary is dirty.
|
| i really hate this change.
Same here. What's the problem supposed to be, aside from FUD ?
As long as the library routines that read $HOSTALIASES are doing it
properly (if it wants to be super safe, abandon stdio and just malloc
a buffer, or use the stack, read(2) into it, then zap the buffer (memset())
before returning to user code). But setuid() binaries that allow users
to get access to data in their mem leave more holes than can be exploited
via HOSTALIASES.
So, is this change any more than a reaction to a bug that was in SunOS?
And if not, can it be undone please?
kre
Home |
Main Index |
Thread Index |
Old Index