Bugtraq mailing list archives
Re: libresolv+ bug
From: felicity () kluge net (Theo Van Dinter)
Date: Sun, 18 Aug 1996 02:56:16 -0400
In response to the libresolv+ hole ... I'm sure there's a better/more encompassing/cleaner method of fixing it, but here's my patch for ping (I have the Netkit-B-0.07A source for ping (linux)... It just switches the effective uid to nobody (default 65534) around a certain gethostbyname ... This fixed the problem as far as I can tell on my system... 62a63,64
int kluge;
297a300,301
kluge=geteuid(); seteuid(65534);
298a303
seteuid(kluge);
-- ----------------------------------------------------------------------------- Theo Van Dinter www: http://www.kluge.net/~felicity/ Vice-President WPI Lens and Lights Active Member in SocComm and ACM A third less filling than our regular taglines. -----------------------------------------------------------------------------
Current thread:
- mount/umount realpath() buffer overflow, (continued)
- mount/umount realpath() buffer overflow David J. Meltzer (Aug 13)
- Possible bufferoverflow condition in lpr, xterm and xload bloodmask (Aug 12)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Digital Dreamer (Aug 12)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Casper Dik (Aug 13)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Mike Acar (Aug 13)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Elliot Lee (Aug 13)
- why suid mount (was Re: Possible bufferoverflow condition in lpr, Bryan Reece (Aug 13)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Christopher Masto (Aug 14)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Brian Tao (Aug 15)
- Re: Possible bufferoverflow condition in lpr, xterm and xload *Unknown* (Aug 17)
- Re: libresolv+ bug Theo Van Dinter (Aug 17)
- Re: libresolv+ bug Brian Mitchell (Aug 18)
- Re: libresolv+ bug Jon Lewis (Aug 18)
- Re: libresolv+ bug Alan Cox (Aug 19)
- libresolv Xarthon (Aug 18)
- Re: libresolv Xarthon (Aug 18)
- Re: libresolv+ bug Nelson Murilo (Aug 18)
- Re: libresolv+ bug Brian Mitchell (Aug 18)
- Re: libresolv+ bug Casper Dik (Aug 19)
- Re: libresolv+ bug Alan Cox (Aug 19)
- Re: libresolv+ bug Brian Mitchell (Aug 19)