[3229] in bugtraq
Re: libresolv+ bug
daemon@ATHENA.MIT.EDU (Elliot Lee)
Tue Aug 20 21:19:12 1996
Date: Tue, 20 Aug 1996 20:40:10 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Elliot Lee <sopwith@redhat.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <Pine.LNX.3.91.960820195101.140e-100000@inorganic5.fdt.net>
On Tue, 20 Aug 1996, Jon Lewis wrote:
> On Wed, 21 Aug 1996, Andi Gutmans wrote:
>
> > I temporarily fixed libc. I think the RESOLV_HOST_CONF thingy isn't
> > insecure. I mean there's nothing really wrong with a user doing this. I just
> > stopped the printf from printing the offending line. Yeah it's kind of cheap
> > but I don't see a reason to do something better.
>
> Everyone talks about fixing this in libc. I fixed it in ld.so. Barring
> any staticly linked suid networking programs (don't think I have any) is
> this a valid solution?
Not when you have things like telnetd :)
--==== Elliot Lee = <sopwith@redhat.com> == Red Hat Software ====--
"Usenet is like a herd of performing elephants with diarrhea; massive,
difficult to redirect, awe-inspiring, entertaining, and a source of
mind-boggling amounts of excrement when you least expect it."
