Bugtraq mailing list archives
Re: libresolv+ bug
From: czetts () rpi edu (Steve Czetty)
Date: Mon, 19 Aug 1996 05:02:03 -0500
In response to the libresolv+ hole ... I'm sure there's a better/more encompassing/cleaner method of fixing it, but here's my patch for ping (I
Yes.. I (once again) patched my libc to ignore the environment variable altogether.. Why do we need to have the ability to specify an /etc/host.conf other than /etc/host.conf??? -Steve ----- --- libc/inet/gethstnmad.c.old Fri Aug 16 14:17:23 1996 +++ libc/inet/gethstnmad.c Fri Aug 16 14:18:12 1996 @@ -306,9 +306,13 @@ #if NLS libc_nls_init(); #endif +#ifdef INSECURE_ENV_HOSTCONF if(NULL==(hostconf=getenv(ENV_HOSTCONF))){ hostconf=_PATH_HOSTCONF; } +#else + hostconf=_PATH_HOSTCONF; +#endif if ((fd = (FILE *)fopen(hostconf, "r")) == NULL) { /* make some assumptions */ service_order[0] = SERVICE_BIND;
Current thread:
- Re: libresolv+ bug, (continued)
- Re: libresolv+ bug Alan Cox (Aug 19)
- libresolv Xarthon (Aug 18)
- Re: libresolv Xarthon (Aug 18)
- Re: libresolv+ bug Nelson Murilo (Aug 18)
- Re: libresolv+ bug Brian Mitchell (Aug 18)
- Re: libresolv+ bug Casper Dik (Aug 19)
- Re: libresolv+ bug Alan Cox (Aug 19)
- Re: libresolv+ bug Brian Mitchell (Aug 19)
- Re: libresolv+ bug David Holland (Aug 19)
- Re: libresolv+ bug Alan Cox (Aug 19)
- Re: libresolv+ bug Steve Czetty (Aug 19)
- real time decode of tcpdump output Michael Ryan (Aug 19)
- WU.FTPD vulnerability: gnu tar possibly others Alan Cox (Aug 19)
- Re: WU.FTPD vulnerability: gnu tar possibly others Pedro Melo (Aug 19)
- Re: WU.FTPD vulnerability: gnu tar possibly others Christian Limpach (Aug 19)
- SECURITY FIX/UPDATE: anonftp Elliot Lee (Aug 19)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Igor Chudov @ home (Aug 18)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Evil Pete (Aug 18)
- CERT Advisory CA-96.18 - Vulnerability in fm_fls CERT Advisory (Aug 14)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Ficus Kirkpatrick (Aug 13)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Alexander O. Yuriev (Aug 14)