Re: CVS commit: basesrc

To: matthew green <mrg%eterna.com.au@localhost>
Subject: Re: CVS commit: basesrc
From: Robert Elz <kre%munnari.OZ.AU@localhost>
Date: Mon, 01 May 2000 23:43:34 +1000

    Date:        Sun, 30 Apr 2000 21:18:20 +1000
    From:        matthew green <mrg%eterna.com.au@localhost>
    Message-ID:  <9239.957093500%eterna.com.au@localhost>

  |    Modified Files:
  |     basesrc/lib/libc/net: res_query.c
  |    
  |    Log Message:
  |    don't look at $HOSTALIASES, if issetugid() says the binary is dirty.
  | 
  | i really hate this change.

Same here.   What's the problem supposed to be, aside from FUD ?

As long as the library routines that read $HOSTALIASES are doing it
properly (if it wants to be super safe, abandon stdio and just malloc
a buffer, or use the stack, read(2) into it, then zap the buffer (memset())
before returning to user code).   But setuid() binaries that allow users
to get access to data in their mem leave more holes than can be exploited
via HOSTALIASES.

So, is this change any more than a reaction to a bug that was in SunOS?
And if not, can it be undone please?

kre

Follow-Ups:
- Re: CVS commit: basesrc
  - From: itojun

References:
- re: CVS commit: basesrc
  - From: matthew green

Prev by Date: CVS commit: basesrc
Next by Date: CVS commit: gnusrc
Previous by Thread: re: CVS commit: basesrc
Next by Thread: Re: CVS commit: basesrc
Indexes:

Home | Main Index | Thread Index | Old Index