[3228] in bugtraq
Re: libresolv+ bug
daemon@ATHENA.MIT.EDU (Jon Lewis)
Tue Aug 20 20:40:58 1996
Date: Tue, 20 Aug 1996 20:00:54 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <2.2.32.19960820214107.0074ebb4@mail.actcom.co.il>
On Wed, 21 Aug 1996, Andi Gutmans wrote:
> I temporarily fixed libc. I think the RESOLV_HOST_CONF thingy isn't
> insecure. I mean there's nothing really wrong with a user doing this. I just
> stopped the printf from printing the offending line. Yeah it's kind of cheap
> but I don't see a reason to do something better.
Everyone talks about fixing this in libc. I fixed it in ld.so. Barring
any staticly linked suid networking programs (don't think I have any) is
this a valid solution?
------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/hr.
________Finger jlewis@inorganic5.fdt.net for PGP public key_______
