This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: getaddrinfo security problem ?

To: libc-hacker at sources dot redhat dot com
Subject: Re: getaddrinfo security problem ?
From: Thorsten Kukuk <kukuk at suse dot de>
Date: Tue, 22 May 2001 15:40:01 +0200
Organization: SuSE GmbH, Nuernberg, Germany
References: <20010518162813.A9161@suse.de>

On Fri, May 18, Thorsten Kukuk wrote:

> I don't know if it is correct to return AF_UNIX with a path in
> /tmp. I think this is a very bad idea, and for me it looks like
> glibc should not do this. I cannot find any other implementation
> where AF_UNIX is returned, looks like only glibc is doing this.
> 
> Any other opiniums ? What does the standard say about this ?
> I think we should disable it.

If I look at the various source codes:

We can remove PF_LOCAL and gaih_local, or we don't allow PF_LOCAL
if PF_UNSPEC is set. I would vote for the first option, removing
it completly like BSD has done this.

Any other ideas ?

  Thorsten

-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
SuSE GmbH            Deutschherrnstr. 15-19          90429 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B

Follow-Ups:
- Re: getaddrinfo security problem ?
  - From: Philip.Blundell

References:
- getaddrinfo security problem ?
  - From: Thorsten Kukuk

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]