On Friday, December 23, 2011 10:00:38 am Colin Percival wrote: > Author: cperciva > Date: Fri Dec 23 15:00:37 2011 > New Revision: 228843 > URL: http://svn.freebsd.org/changeset/base/228843 > > Log: > Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06] > > Add an API for alerting internal libc routines to the presence of > "unsafe" paths post-chroot, and use it in ftpd. [11:07]
Eh, the whole libc_dlopen() thing looks like a gross hack (and who came up with that weird symbol name for a public API????). Is it really even needed given the other fix to have ftpd drop privilege before execing a helper program? I guess the main reason I don't like it is it doesn't do anything to address the more general problem. I would have expected instead something to restrict dlopen() entirely including from other libraries than just libc in certain circumstances. -- John Baldwin _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
