On Tue, Jan 09, 2001 at 09:29:46AM -0500, Ben Collins wrote: > Potato is not vulnerable. This is a woody/sid only bug (i.e. glibc > 2.1.9x and greater, such as the 2.2 in woody/sid). The bug is not that > it prints this info, but that it uses the env variable even when > suid/sgid. This wasn't supposed to happen, and the actual fix was a > missing comma in the list of secure env vars that were supposed to be > cleared when a program starts up suid/sgid (including RESOLV_HOST_CONF).
What is the purpose of $RESOLV_HOST_CONF anyway, ie what problem is it intended to solve? Hamish -- Hamish Moffatt VK3SB <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
