Jeremie Le Hen wrote:
Hi Simon,
On Tue, Aug 29, 2006 at 10:50:02AM +0200, Simon L. Nielsen wrote:
On 2006.08.25 15:08:13 -0700, Julian Elischer wrote:
Since a bunch of people have suggested other solutions I just wanted
to add me 0.01$CURRENCY, FWIW.
Other than missing update for some manual page (not sure where this
should go) I don't see a problem adding this patch. "Normal" users
should be able already get similar functionality already by simply
preloading a custom patched libc, so I don't see a problem supporting
this.
I agree with this statement. If users really want to, they can
compile their own libc. However, nectar@ has added the following
comment in nsdispatch.c:
% #if defined(_NSS_DEBUG) && defined(_NSS_SHOOT_FOOT)
% /* NOTE WELL: THIS IS A SECURITY HOLE. This must only be built
% * for debugging purposes and MUST NEVER be used in production.
% */
% path = getenv("NSSWITCH_CONF");
% if (path == NULL)
% #endif
% path = _PATH_NS_CONF;
We should remove this #if clause because of your argument. I'm not sure
it is worth documenting it however.
by testing for SUID and a few other cases this can be made safe..
notice that my patch would not do anything on suid programs (which you
an not use LD hacks with
for the same reason)
Regards,
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
