[3209] in bugtraq


Re: libresolv+ bug

daemon@ATHENA.MIT.EDU (Alan Cox)
Mon Aug 19 14:16:51 1996

Date: 	Mon, 19 Aug 1996 09:16:04 +0100
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Alan Cox <coxa@cableol.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To:  <Pine.LNX.3.95.960818025102.7620A-100000@eclectic.kluge.net> from
              "Theo Van Dinter" at Aug 18, 96 02:56:16 am

> In response to the libresolv+ hole ...  I'm sure there's a better/more
> encompassing/cleaner method of fixing it, but here's my patch for ping (I
> have the Netkit-B-0.07A source for ping (linux)...  It just switches the
> effective uid to nobody (default 65534) around a certain gethostbyname ...
> This fixed the problem as far as I can tell on my system...

This is not a fix for any of the libresolv++ holes. Firstly you can
use the TRIM list to overrun the trim buffer non setuid, but make the
non setuid code executed patch other parts of the binary so that when
it goes back setuid -- BLAM.

Has anyone checked if the BSD libcs are also not checking for an
overrun of the domain trimming buffer?
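The check Alan is asking about is a bounds check on the table that the resolver fills from its configured trim list: every entry copied into a fixed-size slot, and the entry count kept within the table. The following C code is an added illustration for this archive page, not the resolv+ or any BSD libc source. The list format (entries separated by ':'), the table sizes, and the function names parse_trim_list and trim_host are assumptions made for the example; the point it shows is that an over-long entry or an over-full list is refused outright rather than copied, which removes the overrun that switching the effective uid around one gethostbyname call cannot prevent.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Sizes are assumptions for this example, not the resolver's real limits. */
#define TRIM_MAX    4    /* max number of trim domains kept           */
#define TRIM_DOMLEN 16   /* max bytes per trim domain, including NUL  */

struct trim_list {
    char dom[TRIM_MAX][TRIM_DOMLEN];
    int  n;
};

/* Parse a list of trim domains separated by ':' (separator is an
 * assumption) into a fixed-size table. Returns the entry count, or -1
 * if an entry would not fit its slot or the table would overflow. The
 * whole list is then refused instead of being silently truncated. */
int parse_trim_list(const char *src, struct trim_list *tl)
{
    tl->n = 0;
    for (;;) {
        const char *sep = strchr(src, ':');
        size_t len = sep ? (size_t)(sep - src) : strlen(src);

        if (len > 0) {                  /* empty entries ("::") are skipped */
            if (tl->n >= TRIM_MAX)      /* table full: refuse, do not overrun */
                return -1;
            if (len >= TRIM_DOMLEN)     /* entry too long for its slot */
                return -1;
            memcpy(tl->dom[tl->n], src, len);
            tl->dom[tl->n][len] = '\0';
            tl->n++;
        }
        if (!sep)
            return tl->n;
        src = sep + 1;
    }
}

/* Strip a matching trim domain from the end of a resolved host name,
 * writing the result into out (bounded by outsz). Only entries with a
 * leading '.' can match, and only as a whole label suffix. Returns 1 if
 * a domain was stripped, 0 if none matched, -1 if out is too small. */
int trim_host(const char *host, const struct trim_list *tl,
              char *out, size_t outsz)
{
    size_t hl = strlen(host);
    int i;

    for (i = 0; i < tl->n; i++) {
        size_t dl = strlen(tl->dom[i]);
        if (dl < hl && tl->dom[i][0] == '.' &&
            strcmp(host + hl - dl, tl->dom[i]) == 0) {
            size_t keep = hl - dl;
            if (keep + 1 > outsz)
                return -1;
            memcpy(out, host, keep);
            out[keep] = '\0';
            return 1;
        }
    }
    if (hl + 1 > outsz)
        return -1;
    memcpy(out, host, hl + 1);
    return 0;
}

int main(void)
{
    struct trim_list tl;
    char out[64];
    /* constructed inputs for the demonstration */
    const char *good = ".example.org:.corp.test";
    const char *bad  = ".this-entry-is-far-too-long.example";

    printf("good list -> %d entries\n", parse_trim_list(good, &tl));
    printf("trim www.example.org -> %d, %s\n",
           trim_host("www.example.org", &tl, out, sizeof out), out);
    printf("bad list  -> %d (rejected, nothing copied)\n",
           parse_trim_list(bad, &tl));
    return 0;
}
```

The rejection happens before any byte is copied, so a hostile configuration never reaches the table; that is the property a setuid binary needs from its resolver, since any corruption done while the euid is temporarily dropped is still present when the process regains its saved uid.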
