This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.
Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
>>>>> Jakub Jelinek writes: > Hi! > The new access checks are IMHO too strict because they change the behaviour > when those variables are set for non-SUID/SGID programs. > Both memusage and SegFault try to create missing output file, but > access (R_OK|W_OK) won't return 0 if the file is missing. > I think we should keep the old behaviour for non-SUID/SGID programs and only > require the user creates the file first when playing with SUID/SGID > programs. > 2001-01-10 Jakub Jelinek <jakub@redhat.com> > * malloc/memusage.c (me): If not SUID/SGID, allow creating new > $MEMUSAGE_OUTPUT file. > * sysdeps/generic/segfault.c (segfault.c): If not SUID/SGID, allow > creating new $SEGFAULT_OUTPUT_NAME file. > --- libc/malloc/memusage.c.jj Mon Jan 8 19:07:14 2001 > +++ libc/malloc/memusage.c Wed Jan 10 12:06:09 2001 > @@ -201,7 +201,7 @@ me (void) > { > const char *outname = getenv ("MEMUSAGE_OUTPUT"); > if (outname != NULL && outname[0] != '\0' > - && access (outname, R_OK | W_OK) == 0) > + && (!libc_enable_secure || access (outname, R_OK | W_OK) == 0)) > { > fd = creat (outname, 0666); > --- libc/sysdeps/generic/segfault.c.jj Wed Jan 10 12:02:54 2001 > +++ libc/sysdeps/generic/segfault.c Wed Jan 10 12:04:49 2001 > @@ -237,6 +237,7 @@ install_handler (void) > /* Preserve the output file name if there is any given. */ > name = getenv ("SEGFAULT_OUTPUT_NAME"); > - if (name != NULL && name[0] != '\0' && __access (name, R_OK | W_OK) == 0) > + if (name != NULL && name[0] != '\0' > + && (!libc_enable_secure || __access (name, R_OK | W_OK) == 0)) > fname = __strdup (name); > } Shouldn't these be __libc_enable_secure with two leading underscores? Andreas -- Andreas Jaeger SuSE Labs aj@suse.de private aj@arthur.inka.de http://www.suse.de/~aj
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |