From owner-cvs-all Sat Sep 30 9:31:40 2000
Delivered-To: cvs-all@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP
	id A8FF837B502; Sat, 30 Sep 2000 09:31:35 -0700 (PDT)
Received: from billy-club.village.org (billy-club.village.org [10.0.0.3])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id KAA26571;
	Sat, 30 Sep 2000 10:31:33 -0600 (MDT)
	(envelope-from imp@billy-club.village.org)
Received: from billy-club.village.org (localhost [127.0.0.1])
	by billy-club.village.org (8.11.0/8.8.3) with ESMTP id e8UGVrG29739;
	Sat, 30 Sep 2000 10:32:01 -0600 (MDT)
Message-Id: <200009301632.e8UGVrG29739@billy-club.village.org>
To: "Jacques A. Vidrine"
Subject: Re: cvs commit: src/lib/libc/net hesiod.c
Cc: Don Lewis, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
In-reply-to: Your message of "Sat, 30 Sep 2000 00:21:46 CDT." <20000930002146.A69517@hamlet.nectar.com>
References: <20000930002146.A69517@hamlet.nectar.com> <200009300318.UAA19183@salsa.gv.tsc.tdk.com> <200009291256.FAA32249@freefall.freebsd.org> <200009300318.UAA19183@salsa.gv.tsc.tdk.com> <200009300507.e8U57YG24889@billy-club.village.org>
Date: Sat, 30 Sep 2000 10:31:53 -0600
From: Warner Losh
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <20000930002146.A69517@hamlet.nectar.com> "Jacques A. Vidrine" writes:
: I took the same approach as the run-time linker does for dealing with
: LD_LIBRARY_PATH et al.  If you believe this is unsafe, then perhaps it
: should be fixed as well.

ld.so is a special case.

: I also sent the patch to our security officer to review -- his
: (preliminary?) judgement was that the fix was the right one.

Yes, I saw that, but didn't have time to look at it closely.

: > Jacques, please apply the following to the file.  I'll commit it
: > tomorrow morning if it hasn't been changed by then.  I almost committed
: > this just now and in the process managed to leave a lock file behind.
: > cvs@ has been notified.
:
: I'll let you or the security officer handle.

I am the security officer :-)  I'll go ahead and handle then.

: Certainly issetugid seems
: like the right thing to do from the man page now that I've read it.
: However my goal was to use this environmental information under the same
: circumstances that the linker uses LD_LIBRARY_PATH.  This may have been
: a flawed goal if there is some special reason that the check is
: sufficient for the run-time linker, but not other cases.

I'll have to look into this.  I think the check in ld.so predates
issetugid()

Warner