On Fri, 23 Dec 2011 11:22:34 -0500 John Baldwin <j...@freebsd.org> wrote:
> On Friday, December 23, 2011 10:58:46 am John Baldwin wrote: > > On Friday, December 23, 2011 10:00:38 am Colin Percival wrote: > > > Author: cperciva > > > Date: Fri Dec 23 15:00:37 2011 > > > New Revision: 228843 > > > URL: http://svn.freebsd.org/changeset/base/228843 > > > > > > Log: > > > Fix a problem whereby a corrupt DNS record can cause named to > > > crash. [11:06] > > > Add an API for alerting internal libc routines to the presence > > > of "unsafe" paths post-chroot, and use it in ftpd. [11:07] > > > > Eh, the whole libc_dlopen() thing looks like a gross hack (and who > > came up with that weird symbol name for a public API????). Is it > > really even needed given the other fix to have ftpd drop privilege > > before execing a helper program? I guess the main reason I don't > > like it is it doesn't do anything to address the more general > > problem. I would have expected instead something to restrict > > dlopen() entirely including from other libraries than just libc in > > certain circumstances. > > At the very least if we feel that the libc_dlopen() thing is a > temporary band-aid, we should move the new symbols into the private > namespace so we can remove them once the better fix is in rather than > being required to support them forever. > > -- > John Baldwin Pardon for not catching that when I had a chance to influence the outcome, but I would like to voice my support to tucking the ugliness into private version namespace. -- Alexander Kabaev
signature.asc
Description: PGP signature
