Subject: Re: Question about HOSTALIASES changes
To: Kazushi Marukawa (Jam) <email@example.com>
From: None <firstname.lastname@example.org>
Date: 08/14/2000 14:14:28
>Now, I cannot use HOSTALIASES through ssh, ping, traceroute,
>and any other programs which have setuid bit.
>Original comment said this should check read permission of
>HOSTALIASES file. However, this change just avoids all of
>them. Is checking file permission following original
>comment not enough for security?
This is due to security reasons. Suppose we set HOSTALIASES to
something like /dev/foo, and invoke a setuid'ed program.
A non-root user can cause a tape to rewind, at least.
Revision 1.27 was insecure.
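The point of the reply, as an added example (not the NetBSD resolver source, and not code from either poster): the decision to ignore HOSTALIASES is made before any open(), because opening a device node is itself the side effect. The function names and the `privileged` parameter are hypothetical; the file format assumed is one "alias realname" pair per line.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <sys/types.h>
#include <unistd.h>

/* Nonzero when real and effective ids differ, i.e. the process is running
 * set-user-ID or set-group-ID. (BSD systems also provide issetugid().) */
static int ids_differ(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Path from HOSTALIASES, or NULL when the variable must be ignored.
 * A permission check after open() would be too late for a device node. */
static const char *hostaliases_path(int privileged)
{
    const char *p = privileged ? NULL : getenv("HOSTALIASES");
    return (p != NULL && *p != '\0') ? p : NULL;
}

/* Look up `name` in the alias file. Returns 1 and fills `out` on a
 * match, 0 if there is no match or the file is not consulted. */
static int lookup_alias(const char *name, int privileged, char *out, size_t outlen)
{
    const char *path = hostaliases_path(privileged);
    char line[512], alias[256], real[256];
    FILE *fp;
    int found = 0;
    if (path == NULL || (fp = fopen(path, "r")) == NULL)
        return 0;
    while (!found && fgets(line, sizeof line, fp) != NULL) {
        if (sscanf(line, "%255s %255s", alias, real) != 2)
            continue;                       /* blank or malformed line */
        if (strcasecmp(alias, name) == 0) {
            snprintf(out, outlen, "%s", real);
            found = 1;
        }
    }
    fclose(fp);
    return found;
}

int main(void)
{
    char buf[256];
    int priv = ids_differ(getuid(), geteuid(), getgid(), getegid());
    if (lookup_alias("mail", priv, buf, sizeof buf)) puts(buf);
}
```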