Bugtraq mailing list archives

Re: libresolv+ bug

From: jlewis () inorganic5 fdt net (Jon Lewis)
Date: Tue, 20 Aug 1996 20:00:54 -0400


On Wed, 21 Aug 1996, Andi Gutmans wrote:

I temporarily fixed libc. I think the RESOLV_HOST_CONF thingy isn't
insecure. I mean there's nothing really wrong with a user doing this. I just
stopped the printf from printing the offending line. Yeah it's kind of cheap
but I don't see a reason to do something better.


Everyone talks about fixing this in libc.  I fixed it in ld.so.  Barring
any staticly linked suid networking programs (don't think I have any) is
this a valid solution?

------------------------------------------------------------------
 Jon Lewis <jlewis () fdt net>  |  Unsolicited commercial e-mail will
 Network Administrator       |  be proof-read for $199/hr.
________Finger jlewis () inorganic5 fdt net for PGP public key_______

Current thread:

Re: libresolv+ bug Don Lewis (Aug 19)
- <Possible follow-ups>
- Re: libresolv+ bug der Mouse (Aug 19)
  - Re: libresolv+ bug Alan Cox (Aug 20)
  - Re: libresolv+ bug Thomas Ptacek (Aug 20)
    - Re: libresolv+ bug Julian Assange (Aug 21)
- Re: libresolv+ bug John Nemeth (Aug 20)
- Re: libresolv+ bug Andi Gutmans (Aug 20)
  - Re: libresolv+ bug Jon Lewis (Aug 20)
    - Re: libresolv+ bug Elliot Lee (Aug 20)
  - Re: libresolv+ bug Nick Andrew (Aug 20)
    - Re: libresolv+ bug Jon Lewis (Aug 20)
  - SigSev -> Security Hole Tim Smithers (Aug 20)
    - Re: SigSev -> Security Hole Brian Mitchell (Aug 20)
- Re: libresolv+ bug Don Lewis (Aug 20)
- Re: libresolv+ bug Zygo Blaxell (Aug 21)
- Re: libresolv+ bug Zygo Blaxell (Aug 21)
  - Re: libresolv+ bug Julian Assange (Aug 21)
  - Re: libresolv+ bug Thomas Ptacek (Aug 21)

(Thread continues...)