svn commit: r228843 - head/contrib/telnet/libtelnet
head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen
head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec...
Alexander Kabaev
kabaev at gmail.com
Fri Dec 23 17:06:52 UTC 2011
On Fri, 23 Dec 2011 11:22:34 -0500
John Baldwin <jhb at freebsd.org> wrote:
> On Friday, December 23, 2011 10:58:46 am John Baldwin wrote:
> > On Friday, December 23, 2011 10:00:38 am Colin Percival wrote:
> > > Author: cperciva
> > > Date: Fri Dec 23 15:00:37 2011
> > > New Revision: 228843
> > > URL: http://svn.freebsd.org/changeset/base/228843
> > >
> > > Log:
> > > Fix a problem whereby a corrupt DNS record can cause named to
> > > crash. [11:06]
> > > Add an API for alerting internal libc routines to the presence
> > > of "unsafe" paths post-chroot, and use it in ftpd. [11:07]
> >
> > Eh, the whole libc_dlopen() thing looks like a gross hack (and who
> > came up with that weird symbol name for a public API????). Is it
> > really even needed given the other fix to have ftpd drop privilege
> > before execing a helper program? I guess the main reason I don't
> > like it is it doesn't do anything to address the more general
> > problem. I would have expected instead something to restrict
> > dlopen() entirely including from other libraries than just libc in
> > certain circumstances.
>
> At the very least if we feel that the libc_dlopen() thing is a
> temporary band-aid, we should move the new symbols into the private
> namespace so we can remove them once the better fix is in rather than
> being required to support them forever.
>
> --
> John Baldwin
Pardon for not catching that when I had a chance to influence the
outcome, but I would like to voice my support to tucking the ugliness
into private version namespace.
--
Alexander Kabaev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/svn-src-head/attachments/20111223/a19285fe/signature.pgp
More information about the svn-src-head
mailing list