This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: A patch for libresolv

To: geoffk at ozemail dot com dot au (Geoff Keating)
Subject: Re: A patch for libresolv
From: hjl at valinux dot com (H.J. Lu)
Date: Mon, 11 Oct 1999 17:56:11 -0700 (PDT)
Cc: libc-hacker at sourceware dot cygnus dot com (GNU C Library)

> 
> > Date: Mon, 11 Oct 1999 17:26:42 -0700 (PDT)
> > Cc: libc-hacker@sourceware.cygnus.com (GNU C Library)
> > From: hjl@valinux.com (H.J. Lu)
> 
> > They are off by default. You have to turn them on by hand in
> > /etc/resolv.conf or via an environment variable. They are a few
> > sites on the Internet which rerquires them. I'd like to be able
> > to do
> > 
> > # RES_OPTS=insecure2 foobar
> > 
> > What is the problem with that? Are you suggesting we should check
> > 
> > # rm -rf /dev
> > 
> > now?
> 
> So your proposed patch checks for getuid() == 0?
> 

RES_OPTIONS is called with __secure_getenv so that it is not a problem.
However, all those options, including RES_IGNTC, are set/cleared in
dig/host/nslookup in bind 8. Right now my patch will only affect root
if those options are turned on in /etc/resolv.conf. If anyone can
change /etc/resolv.conf on your machine, my patch is the last thing 
you want to worry about.


-- 
H.J. Lu (hjl@gnu.org)

References:
- Re: A patch for libresolv
  - From: Geoff Keating

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]