Bugtraq mailing list archives
Re: libresolv+ bug
From: sopwith () redhat com (Elliot Lee)
Date: Tue, 20 Aug 1996 20:40:10 -0400
On Tue, 20 Aug 1996, Jon Lewis wrote:
On Wed, 21 Aug 1996, Andi Gutmans wrote:I temporarily fixed libc. I think the RESOLV_HOST_CONF thingy isn't insecure. I mean there's nothing really wrong with a user doing this. I just stopped the printf from printing the offending line. Yeah it's kind of cheap but I don't see a reason to do something better.Everyone talks about fixing this in libc. I fixed it in ld.so. Barring any staticly linked suid networking programs (don't think I have any) is this a valid solution?
Not when you have things like telnetd :) --==== Elliot Lee = <sopwith () redhat com> == Red Hat Software ====-- "Usenet is like a herd of performing elephants with diarrhea; massive, difficult to redirect, awe-inspiring, entertaining, and a source of mind-boggling amounts of excrement when you least expect it."
Current thread:
- Re: libresolv+ bug Don Lewis (Aug 19)
- <Possible follow-ups>
- Re: libresolv+ bug der Mouse (Aug 19)
- Re: libresolv+ bug Alan Cox (Aug 20)
- Re: libresolv+ bug Thomas Ptacek (Aug 20)
- Re: libresolv+ bug Julian Assange (Aug 21)
- Re: libresolv+ bug John Nemeth (Aug 20)
- Re: libresolv+ bug Andi Gutmans (Aug 20)
- Re: libresolv+ bug Jon Lewis (Aug 20)
- Re: libresolv+ bug Elliot Lee (Aug 20)
- Re: libresolv+ bug Nick Andrew (Aug 20)
- Re: libresolv+ bug Jon Lewis (Aug 20)
- SigSev -> Security Hole Tim Smithers (Aug 20)
- Re: SigSev -> Security Hole Brian Mitchell (Aug 20)
- Re: libresolv+ bug Jon Lewis (Aug 20)
- Re: libresolv+ bug Don Lewis (Aug 20)
- Re: libresolv+ bug Zygo Blaxell (Aug 21)
- Re: libresolv+ bug Zygo Blaxell (Aug 21)
- Re: libresolv+ bug Julian Assange (Aug 21)
- Re: libresolv+ bug Thomas Ptacek (Aug 21)
- Re: libresolv+ bug Nick Andrew (Aug 22)
(Thread continues...)