[1093] in linux-security and linux-alert archive
Kevin Littlejohn: Re: [linux-security] Re: RESOLV_HOST_CONF
daemon@ATHENA.MIT.EDU (Daniel Bromberg)
Tue Aug 27 11:11:11 1996
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 26 Aug 1996 18:35:23 PDT
From: Daniel Bromberg <ddaniel@MIT.EDU>
------- Forwarded Message
Received: (from darius@localhost) by vector.wantree.com.au (8.7.5/8.6.9) id JAA32291 for ddaniel@furlong.jpl.nasa.gov; Tue, 27 Aug 1996 09:12:36 +0800
From: Kevin Littlejohn <darius@vector.wantree.com.au>
Message-Id: <199608270112.JAA32291@vector.wantree.com.au>
Subject: Re: [linux-security] Re: RESOLV_HOST_CONF
To: ddaniel@furlong.jpl.nasa.gov (Daniel Bromberg)
Date: Tue, 27 Aug 1996 09:12:36 +0800 (WST)
In-Reply-To: <199608260046.RAA04384@furlong.jpl.nasa.gov> from "Daniel Bromberg" at Aug 25, 96 05:46:05 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Just a quick query: after panicking slightly yesterday, I sat down and had
a trawl through source code....
Seems the problem exists in libc, in, ummm... inet/gethstnmad.c, a big section
that looks for environment variables and overrides the defaults if they exist.
Would it make sense to simply comment this whole section out? Surely, there
should be no real need (in any average configuration) to allow people to
change the location of configuration files, etc.?
If that's so, then I'm in a position of getting this libc code to compile
*sigh* If that's not so, could someone point out why before I do
irreperable harm to my system? :)
KevinL
[REW: Why not make it conditional on (getuid () == geteuid ()) ?
This is what I'd consider a valid fix.]
------- End of Forwarded Message