Vulnerability Development mailing list archives

Re: traceroute-4.4BSD (slack) heap overflow


From: Olaf Kirch <okir () CALDERA DE>
Date: Tue, 9 Jan 2001 14:19:27 +0100

On Mon, Jan 08, 2001 at 12:21:51PM -0500, Matt Zimmerman wrote:
> On Mon, Jan 08, 2001 at 11:54:41AM +0100, Olaf Kirch wrote:
>
> >  c. The RESOLV_HOST_CONF variable is *not* used to specify
> >     a replacement for /etc/hosts, but for /etc/host.conf, which
> >     configures the resolver. Apart from that, it's been quite a
> >     while since the resolver library honored this variable in
> >     setuid programs.
>
> If only this were true ("it's been quite a while...").  glibc 2.2's resolver
> honors RESOLV_HOST_CONF in setuid programs (see resolv/res_hconf.c, or just try
> it).

Okay, I gotta eat my words. It turns out it got reintroduced in 2.2. Oh joy.
Another day, another security update to build.

Olaf
--
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir () monad swb de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir () caldera de    +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.

