This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: [PATCH] Fix UNSEC_ENVVARS (was Re: [patch] res_conf.h missing security feature)

Jakub Jelinek <jakub@redhat.com> writes:

> --- libc/sysdeps/generic/unsecvars.h.jj	Tue Sep 26 11:31:25 2000
> +++ libc/sysdeps/generic/unsecvars.h	Mon Jan  8 17:59:29 2001
> @@ -4,8 +4,9 @@
>    "LOCALDOMAIN",							      \
>    "LOCPATH",								      \
>    "MALLOC_TRACE",							      \
> +  "MEMUSAGE_OUTPUT",							      \

This is no variable used in the libc proper.

>    "NLSPATH",								      \
> -  "RESOLV_HOST_CONF"							      \
> +  "RESOLV_HOST_CONF",							      \

Already done.

> --- libc/sysdeps/generic/segfault.c.jj	Wed Aug  2 21:36:33 2000
> +++ libc/sysdeps/generic/segfault.c	Mon Jan  8 14:14:55 2001
> @@ -185,6 +185,9 @@ install_handler (void)
>    const char *sigs = getenv ("SEGFAULT_SIGNALS");
>    const char *name;
>  
> +  if (__libc_enable_secure)
> +    return;
> +

Why?  I can agree to add an __access() call to check the output file
name but it should not be disabled altogether.

-- 
---------------.                          ,-.   1325 Chesapeake Terrace
Ulrich Drepper  \    ,-------------------'   \  Sunnyvale, CA 94089 USA
Red Hat          `--' drepper at redhat.com   `------------------------
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]