[3196] in bugtraq
Re: libresolv+ bug
daemon@ATHENA.MIT.EDU (Theo Van Dinter)
Sun Aug 18 15:48:26 1996
Date: Sun, 18 Aug 1996 02:56:16 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Theo Van Dinter <felicity@kluge.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <Pine.LNX.3.91.960817233142.11244A-100000@tester.randomc.com>
In response to the libresolv+ hole ... I'm sure there's a better/more
encompassing/cleaner method of fixing it, but here's my patch for ping (I
have the Netkit-B-0.07A source for ping (linux)... It just switches the
effective uid to nobody (default 65534) around a certain gethostbyname ...
This fixed the problem as far as I can tell on my system...
62a63,64
> int kluge;
>
297a300,301
> kluge=geteuid();
> seteuid(65534);
298a303
> seteuid(kluge);
--
-----------------------------------------------------------------------------
Theo Van Dinter www: http://www.kluge.net/~felicity/
Vice-President WPI Lens and Lights Active Member in SocComm and ACM
A third less filling than our regular taglines.
-----------------------------------------------------------------------------
