svn commit: r228843 - head/contrib/telnet/libtelnet
head/crypto/heimdal/appl/telnet/libtelnet head/include
head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include
head/lib/libc/net head/libexec...
John Baldwin
jhb at freebsd.org
Fri Dec 23 15:58:48 UTC 2011
On Friday, December 23, 2011 10:00:38 am Colin Percival wrote:
> Author: cperciva
> Date: Fri Dec 23 15:00:37 2011
> New Revision: 228843
> URL: http://svn.freebsd.org/changeset/base/228843
>
> Log:
> Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06]
>
> Add an API for alerting internal libc routines to the presence of
> "unsafe" paths post-chroot, and use it in ftpd. [11:07]
Eh, the whole libc_dlopen() thing looks like a gross hack (and who came
up with that weird symbol name for a public API????). Is it really even
needed given the other fix to have ftpd drop privilege before execing a
helper program? I guess the main reason I don't like it is it doesn't do
anything to address the more general problem. I would have expected instead
something to restrict dlopen() entirely including from other libraries than
just libc in certain circumstances.
--
John Baldwin
More information about the svn-src-all
mailing list