note possible security concerns.

mrg 1997-04-22 12:33:17 +00:00
parent 071eac5167
commit 2d2ae90504
3 changed files with 21 additions and 5 deletions


@ -1,4 +1,4 @@
/* $NetBSD: res_query.c,v 1.12 1997/04/13 10:30:51 mrg Exp $ */
/* $NetBSD: res_query.c,v 1.13 1997/04/22 12:33:17 mrg Exp $ */
/*-
* Copyright (c) 1988, 1993
@ -58,7 +58,7 @@
static char sccsid[] = "@(#)res_query.c 8.1 (Berkeley) 6/4/93";
static char rcsid[] = "Id: res_query.c,v 8.9 1996/09/22 00:13:28 vixie Exp";
#else
static char rcsid[] = "$NetBSD: res_query.c,v 1.12 1997/04/13 10:30:51 mrg Exp $";
static char rcsid[] = "$NetBSD: res_query.c,v 1.13 1997/04/22 12:33:17 mrg Exp $";
#endif
#endif /* LIBC_SCCS and not lint */
@ -361,6 +361,10 @@ __hostalias(name)
if (_res.options & RES_NOALIASES)
return (NULL);
/*
* XXX potential security problem if this file is not normally
* readable by the user of a setuid program.
*/
file = getenv("HOSTALIASES");
if (file == NULL || (fp = fopen(file, "r")) == NULL)
return (NULL);
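Review bot: The XXX comment added ahead of `getenv("HOSTALIASES")` records the exposure, but the lookup is unchanged, so a set-id program would still `fopen()` whatever path the caller's environment names, using the program's effective ids. A guard placed before the `getenv()` call would close the problem rather than only document it, for example `if (getuid() != geteuid() || getgid() != getegid()) return (NULL);` (or `issetugid()` if this tree provides it, which is not visible here). If the code is meant to stay as it is, the comment should at least say that the file is opened with the effective ids, since that is what makes an otherwise unreadable file reachable. The body of `__hostalias` continues outside the hunk.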


@ -1,4 +1,4 @@
/* $NetBSD: localtime.c,v 1.8 1997/01/23 14:02:29 mrg Exp $ */
/* $NetBSD: localtime.c,v 1.9 1997/04/22 12:33:19 mrg Exp $ */
/*
** This file is in the public domain, so clarified as of
@ -277,6 +277,7 @@ register struct state * const sp;
if (name == NULL && (name = TZDEFAULT) == NULL)
return -1;
{
register int doaccess;
/*
@ -308,6 +309,12 @@ register struct state * const sp;
}
if (doaccess && access(name, R_OK) != 0)
return -1;
/*
* XXX potential security problem here if user of a set-id
* program has set TZ (which is passed in as name) here,
* and uses a race condition trick to defeat the access(2)
* above.
*/
if ((fid = open(name, OPEN_MODE)) == -1)
return -1;
}
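Review bot: The `access(name, R_OK)` check and the `open(name, OPEN_MODE)` below it resolve the path in two separate steps, so the window described by the new comment is still present in the code: the object behind `name` can change after the check, and `open()` then runs with the effective ids. The check cannot be made reliable in this form. The usual remedies are to refuse a caller-supplied `name` when real and effective ids differ, or to perform the `open()` with the real ids in effect so that no separate `access()` is needed. The comment would be more useful if it stated the mechanism, e.g. `/* XXX access(2) tests the real ids, open(2) uses the effective ids; the path can change in between */`. The enclosing function starts and ends outside the hunk.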


@ -1,4 +1,4 @@
/* $NetBSD: termcap.c,v 1.10 1997/01/23 14:03:12 mrg Exp $ */
/* $NetBSD: termcap.c,v 1.11 1997/04/22 12:33:20 mrg Exp $ */
/*
* Copyright (c) 1980, 1993
@ -37,7 +37,7 @@
#if 0
static char sccsid[] = "@(#)termcap.c 8.1 (Berkeley) 6/4/93";
#else
static char rcsid[] = "$NetBSD: termcap.c,v 1.10 1997/01/23 14:03:12 mrg Exp $";
static char rcsid[] = "$NetBSD: termcap.c,v 1.11 1997/04/22 12:33:20 mrg Exp $";
#endif
#endif /* not lint */
@ -139,6 +139,11 @@ tgetent(bp, name)
if (cgetset(cp) < 0)
return (-2);
/*
* XXX potential security hole here in a set-id program if the
* user had setup name to be built from a path they can not
* normally read.
*/
dummy = NULL;
i = cgetent(&dummy, pathvec, name);
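Review bot: The comment added before `cgetent(&dummy, pathvec, name)` says `name` is built from a path, but in this call the file paths are carried by `pathvec` and `name` appears to be the entry being looked up, so the wording points the reader at the wrong variable. I would reword it along the lines of `/* XXX in a set-id program pathvec may list files the invoking user cannot normally read */`. How `pathvec` is populated lies outside this hunk, so whether it is derived from the environment should be confirmed there. If it is, skipping user-supplied paths when real and effective ids differ would be the actual fix. The body of `tgetent` continues outside the hunk.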