Date:      Sat, 30 Sep 2000 10:31:53 -0600
From:      Warner Losh <imp@village.org>
To:        "Jacques A. Vidrine" <n@nectar.com>
Cc:        Don Lewis <Don.Lewis@tsc.tdk.com>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/lib/libc/net hesiod.c 
Message-ID:  <200009301632.e8UGVrG29739@billy-club.village.org>
In-Reply-To: Your message of "Sat, 30 Sep 2000 00:21:46 CDT." <20000930002146.A69517@hamlet.nectar.com> 
References:  <20000930002146.A69517@hamlet.nectar.com>  <200009300318.UAA19183@salsa.gv.tsc.tdk.com> <200009291256.FAA32249@freefall.freebsd.org> <200009300318.UAA19183@salsa.gv.tsc.tdk.com> <200009300507.e8U57YG24889@billy-club.village.org> 

In message <20000930002146.A69517@hamlet.nectar.com> "Jacques A. Vidrine" writes:
: I took the same approach as the run-time linker does for dealing with
: LD_LIBRARY_PATH et al.  If you believe this is unsafe, then perhaps it
: should be fixed as well.

ld.so is a special case.

: I also sent the patch to our security officer to review -- his
: (preliminary?) judgement was that the fix was the right one.

Yes, I saw that, but didn't have time to look at it closely.

: > Jacques, please apply the following to the file.  I'll commit it
: > tomorrow morning if it hasn't been changed by then.  I almost committed
: > this just now and in the process managed to leave a lock file behind.
: > cvs@ has been notified.
: 
: I'll let you or the security officer handle.

I am the security officer :-)  I'll go ahead and handle then.

: Certainly issetugid seems
: like the right thing to do from the man page now that I've read it.
: However my goal was to use this environmental information under the same
: circumstances that the linker uses LD_LIBRARY_PATH.  This may have been
: a flawed goal if there is some special reason that the check is
: sufficient for the run-time linker, but not other cases.

I'll have to look into this.  I think the check in ld.so predates
issetugid().

Warner

