Bugtraq mailing list archives
Re: libresolv+ bug
From: nick () zeta org au (Nick Andrew)
Date: Wed, 21 Aug 1996 10:47:38 +1000
Forwarding a message from Andi Gutmans:
I temporarily fixed libc. I think the RESOLV_HOST_CONF thingy isn't insecure. I mean there's nothing really wrong with a user doing this. I just stopped the printf from printing the offending line. Yeah it's kind of cheap but I don't see a reason to do something better.
How about: RESOLV_HOST_CONF=/dev/sda1 ping asdf or RESOLV_HOST_CONF=/dev/console ping asdf Nick. -- Kralizec Dialup Internet System Data: +61-2-9837-1183, 9837-1868 Zeta Microcomputer Software Fax: +61-2-9837-3753 Voice: 9837-1397 P.O. Box 177, Riverstone NSW 2765 http://www.kralizec.net.au/
Current thread:
- Re: libresolv+ bug Don Lewis (Aug 19)
- <Possible follow-ups>
- Re: libresolv+ bug der Mouse (Aug 19)
- Re: libresolv+ bug Alan Cox (Aug 20)
- Re: libresolv+ bug Thomas Ptacek (Aug 20)
- Re: libresolv+ bug Julian Assange (Aug 21)
- Re: libresolv+ bug John Nemeth (Aug 20)
- Re: libresolv+ bug Andi Gutmans (Aug 20)
- Re: libresolv+ bug Jon Lewis (Aug 20)
- Re: libresolv+ bug Elliot Lee (Aug 20)
- Re: libresolv+ bug Nick Andrew (Aug 20)
- Re: libresolv+ bug Jon Lewis (Aug 20)
- SigSev -> Security Hole Tim Smithers (Aug 20)
- Re: SigSev -> Security Hole Brian Mitchell (Aug 20)
- Re: libresolv+ bug Jon Lewis (Aug 20)
- Re: libresolv+ bug Don Lewis (Aug 20)
- Re: libresolv+ bug Zygo Blaxell (Aug 21)
- Re: libresolv+ bug Zygo Blaxell (Aug 21)
- Re: libresolv+ bug Julian Assange (Aug 21)
- Re: libresolv+ bug Thomas Ptacek (Aug 21)
- Re: libresolv+ bug Nick Andrew (Aug 22)
- Re: libresolv+ bug John Macdonald (Aug 22)