note possible security concerns.
parent
071eac5167
commit
2d2ae90504
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: res_query.c,v 1.12 1997/04/13 10:30:51 mrg Exp $ */
|
||||
/* $NetBSD: res_query.c,v 1.13 1997/04/22 12:33:17 mrg Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 1988, 1993
|
||||
@ -58,7 +58,7 @@
|
||||
static char sccsid[] = "@(#)res_query.c 8.1 (Berkeley) 6/4/93";
|
||||
static char rcsid[] = "Id: res_query.c,v 8.9 1996/09/22 00:13:28 vixie Exp";
|
||||
#else
|
||||
static char rcsid[] = "$NetBSD: res_query.c,v 1.12 1997/04/13 10:30:51 mrg Exp $";
|
||||
static char rcsid[] = "$NetBSD: res_query.c,v 1.13 1997/04/22 12:33:17 mrg Exp $";
|
||||
#endif
|
||||
#endif /* LIBC_SCCS and not lint */
|
||||
|
||||
@ -361,6 +361,10 @@ __hostalias(name)
|
||||
|
||||
if (_res.options & RES_NOALIASES)
|
||||
return (NULL);
|
||||
/*
|
||||
* XXX potential security problem if this file is not normally
|
||||
* readable by the user of a setuid program.
|
||||
*/
|
||||
file = getenv("HOSTALIASES");
|
||||
if (file == NULL || (fp = fopen(file, "r")) == NULL)
|
||||
return (NULL);
|
||||
|
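Review bot: The new XXX comment in __hostalias names the risk but leaves the code path unchanged, so a set-id program still opens whatever file HOSTALIASES points to with its elevated privileges. A guard placed before the `getenv("HOSTALIASES")` call would close this off, for example `if (getuid() != geteuid() || getgid() != getegid()) return (NULL);`, or `issetugid()` where the platform provides it. The comment could also state what is exposed, presumably the contents or existence of a file the caller cannot read; the parsing code is outside this hunk, so confirm. The same environment-controlled read is flagged in the tgetent hunk of termcap.c and would take the same guard. __hostalias begins and continues outside the hunk.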
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: localtime.c,v 1.8 1997/01/23 14:02:29 mrg Exp $ */
|
||||
/* $NetBSD: localtime.c,v 1.9 1997/04/22 12:33:19 mrg Exp $ */
|
||||
|
||||
/*
|
||||
** This file is in the public domain, so clarified as of
|
||||
@ -277,6 +277,7 @@ register struct state * const sp;
|
||||
|
||||
if (name == NULL && (name = TZDEFAULT) == NULL)
|
||||
return -1;
|
||||
|
||||
{
|
||||
register int doaccess;
|
||||
/*
|
||||
@ -308,6 +309,12 @@ register struct state * const sp;
|
||||
}
|
||||
if (doaccess && access(name, R_OK) != 0)
|
||||
return -1;
|
||||
/*
|
||||
* XXX potential security problem here if user of a set-id
|
||||
* program has set TZ (which is passed in as name) here,
|
||||
* and uses a race condition trick to defeat the access(2)
|
||||
* above.
|
||||
*/
|
||||
if ((fid = open(name, OPEN_MODE)) == -1)
|
||||
return -1;
|
||||
}
|
||||
|
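Review bot: The `access(name, R_OK)` check and the `open(name, OPEN_MODE)` call that the new comment sits between form a check-then-use sequence on a path name, and the comment records the race without removing it. Since access(2) tests the real ids while open(2) uses the effective ids, the robust arrangements are to perform the open with the real user's credentials (temporarily dropping the effective ids) or to ignore a TZ path altogether in a set-id process and fall back to the default zone. The comment itself would read more clearly as `XXX potential security problem if the user of a set-id program has set TZ (passed in as name) and races the access(2) check above.` The enclosing function starts and ends outside the hunk.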
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: termcap.c,v 1.10 1997/01/23 14:03:12 mrg Exp $ */
|
||||
/* $NetBSD: termcap.c,v 1.11 1997/04/22 12:33:20 mrg Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1980, 1993
|
||||
@ -37,7 +37,7 @@
|
||||
#if 0
|
||||
static char sccsid[] = "@(#)termcap.c 8.1 (Berkeley) 6/4/93";
|
||||
#else
|
||||
static char rcsid[] = "$NetBSD: termcap.c,v 1.10 1997/01/23 14:03:12 mrg Exp $";
|
||||
static char rcsid[] = "$NetBSD: termcap.c,v 1.11 1997/04/22 12:33:20 mrg Exp $";
|
||||
#endif
|
||||
#endif /* not lint */
|
||||
|
||||
@ -139,6 +139,11 @@ tgetent(bp, name)
|
||||
if (cgetset(cp) < 0)
|
||||
return (-2);
|
||||
|
||||
/*
|
||||
* XXX potential security hole here in a set-id program if the
|
||||
* user had setup name to be built from a path they can not
|
||||
* normally read.
|
||||
*/
|
||||
dummy = NULL;
|
||||
i = cgetent(&dummy, pathvec, name);
|
||||
|
||||
|
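Review bot: The added comment says `name` is built from a path, but in the visible call `cgetent(&dummy, pathvec, name)` the file list is `pathvec`, while `name` is tgetent's terminal-name parameter, so the wording points the next reader at the wrong input. Suggested text: `XXX potential security hole in a set-id program if the user has arranged for pathvec to name a file they can not normally read.` How pathvec is populated is outside the hunk, presumably from the environment, so confirm that before adopting the reworded comment.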