Date: Fri, 24 Nov 2000 20:13:05 -0800 (PST) From: Brian Feldman <green@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/usr.sbin/inetd builtins.c Message-ID: <200011250413.UAA16251@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
green 2000/11/24 20:13:05 PST
Modified files:
usr.sbin/inetd builtins.c
Log:
Security fix: correctly set groups according to the user. Previously,
root's groups' permissions were being used, so a user could read up to
16 (excluding initial whitespace) bytes of e.g. a wheel-accessible file.
Also, don't allow blocking on the opening of ~/.fakeid, so replace a fopen()
with open() and fdopen(). I knew I'd be going to hell for using C file
streams instead of POSIX syscalls...
Revision Changes Path
1.26 +16 -7 src/usr.sbin/inetd/builtins.c
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011250413.UAA16251>