> Obviously any setuid/setgid applications should be checked quickly, > as those might be able to be coerced to do something strange - but > for the rest, assuming that there are no ordinary invocations (and in > NetBSD base I assume not, as no-one is reporting any bugs with other > apps randomly crashing because of this) there is no big hurry to fix > any that are broken, as (assuming ls was to be one such program, just as > an example ... I have no reason to suspect that it is however, just for > the purposes of exposition in this message) that someone can write a > program to exec ls (or whatever) with no args, and have it do something > strange (including perhaps dump core) isn't really a problem for anyone > but them (whatever ls did in such a case they could simply write code > to do, and run it). In that case we should at least put the check for set*id programs, like we've done with file descriptors :-) christos
Attachment:
signature.asc
Description: Message signed with OpenPGP