[1088] in linux-security and linux-alert archive
Re: [linux-security] RESOLV_HOST_CONF
daemon@ATHENA.MIT.EDU (Alan Cox)
Tue Aug 27 08:51:00 1996
From: alan@lxorguk.ukuu.org.uk (Alan Cox)
To: jordy@newport.thirdwave.net (Jordy)
Date: Mon, 26 Aug 1996 19:46:31 +0100 (BST)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.94.960825004049.4817C-100000@newport.thirdwave.net> from "Jordy" at Aug 25, 96 00:48:46 am
> # export RESOLV_HOST_CONF=/proc/kcore
> # ping life is a challage hack it up
>
> which is known to make a machine go boom.
Can't duplicate.
> Real Patch isn't really available yet, from what i can see. You can modify
> the souce to the resolv+ library and make it setuid(getuid()) first, but
> that would break if /etc/resolv.conf wasn't working right, or you could
> simply remove the RESOLV_HOST_CONF variable completely.
Inadequate. The trim bug is just as bad news.
> are affected include Slackware 2.0, 2.1, 3.0, 3.1, Redhat 2.0 and 3.0.3
> picasso.
Are you sure about RedHat. Its linked with NYS, which is a bit different
to generic libc5.
> linked. The version in the shared library is being called. Slackware 3.0
> uses libc.so.5.0.9, while picasso has libc.so.5.2.18 . Is this the
> significant difference?]
5.2.18 has a different but closely related set of holes.