Subject: Re: Addition to force open to open only regular files
To: NetBSD Kernel Technical Discussion List <tech-kern@netbsd.org>
From: Robert Elz <kre@munnari.OZ.AU>
List: tech-kern
Date: 11/17/2000 16:58:18
    Date:        Thu, 16 Nov 2000 02:16:46 -0500 (EST)
    From:        woods@weird.com (Greg A. Woods)
    Message-ID:  <20001116071646.E96884@proven.weird.com>

  | Otherwise I would say $HOSTALIASES and $LOCALDOMAIN support just has to
  | go away completely

Are you aware what you're really saying here?

HOSTALIASES isn't anything special, it is just an instance of the
problem.  Making HOSTALIASES go away won't solve anything at all.
(LOCALDOMAIN is a slightly different issue, as it doesn't name a file).

The more general problem is whether library routines (any that might ever be
used by any setuid program) can ever use any environment variables,
and in particular, any which refer to files.

TZ is another obvious example (and if you think there are no setuid
programs around that blindly call ctime() ...)

I suspect there are a bunch more.

What is needed is a safe way to allow libraries to reference files
that were passed in by name by the originating user - that, or setuid
programs really simply need to be much more fastidious about what they
do, and make sure that they know what the library routines they call
might be coerced into doing, and avoid that.

Just "disable HOSTALIASES" is the idiot's answer to the problem; it
isn't a real answer at all.

kre
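As an added example (not part of this thread and not NetBSD's libc), here is a C sketch of the "safe way to allow libraries to reference files that were passed in by name by the originating user" that kre asks for: an environment-named path is refused outright when the process runs with ids it did not inherit from its invoker, and otherwise is opened only as a plain regular file, which is the subject line's "force open to open only regular files". The names `env_paths_untrusted`, `open_regular_only` and `open_env_file` are hypothetical, and the real-vs-effective id test is a simplification of what NetBSD's issetugid(2) provides.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: 1 when the effective ids differ from the real ones,
 * i.e. the environment came from someone other than the user we run as.  It
 * misses privileges already dropped; NetBSD's issetugid(2) answers that. */
int env_paths_untrusted(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Open a user-named path only if it is a plain regular file: O_NOFOLLOW
 * rejects a symlink as the last component, O_NONBLOCK keeps a FIFO or device
 * from hanging the open, and fstat() on the descriptor (not stat() on the
 * path) closes the check-then-use window.  Returns an fd, or -1 with errno. */
int open_regular_only(const char *path)
{
    struct stat st;
    int saved, fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0)
        saved = errno;
    else if (S_ISREG(st.st_mode))
        return fd;
    else                              /* directory, FIFO, device, socket ... */
        saved = S_ISDIR(st.st_mode) ? EISDIR : EINVAL;
    close(fd);
    errno = saved;
    return -1;
}

/* Open the file named by an environment variable (e.g. "HOSTALIASES" or "TZ"),
 * but only when the environment is the caller's own; a setuid program gets
 * -1/EACCES rather than a file it must not trust. */
int open_env_file(const char *var)
{
    const char *path = env_paths_untrusted() ? NULL : getenv(var);

    if (path == NULL || *path == '\0') {
        errno = env_paths_untrusted() ? EACCES : ENOENT;
        return -1;
    }
    return open_regular_only(path);
}
```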