svn commit: r228843 - head/contrib/telnet/libtelnet head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec...

Fri Dec 23 15:58:48 UTC 2011

On Friday, December 23, 2011 10:00:38 am Colin Percival wrote:
> Author: cperciva
> Date: Fri Dec 23 15:00:37 2011
> New Revision: 228843
> URL: http://svn.freebsd.org/changeset/base/228843
> 
> Log:
>   Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06]
>   
>   Add an API for alerting internal libc routines to the presence of
>   "unsafe" paths post-chroot, and use it in ftpd. [11:07]

Eh, the whole libc_dlopen() thing looks like a gross hack (and who came
up with that weird symbol name for a public API????).  Is it really even
needed given the other fix to have ftpd drop privilege before execing a
helper program?  I guess the main reason I don't like it is it doesn't do
anything to address the more general problem.  I would have expected instead
something to restrict dlopen() entirely including from other libraries than
just libc in certain circumstances.

-- 
John Baldwin