In message: <C41481BC-89F3-457E-9FD0-CB85CE7B93E7_at_eecs.cwru.edu>
            Justin Hibbits <jrh29_at_eecs.cwru.edu> writes:
: Hey folks, got an interesting patch. This adds a ~/.hosts file
: (personal version of /etc/hosts). It was written against 6-STABLE
: about a week before 6.1 was released, and has been sitting collecting
: dust for the last month and a half. Currently it augments /etc/hosts
: instead of replacing it or prepending it. Any comments? One
: suggestion that was made was to make it an nss module so that it
: could be controlled by the admin. It probably could use some cleanup
: as well, just putting it out here for proof of concept for now, and
: some direction.

I specifically disabled similar functionality for setuid programs when
I was security officer. It was for HOSTALIAS files. These are files
that are read through the HOSTALIAS environment variable. This was
implemented in resolv/res_query.c. Similar to what you've listed here.

Your check for setuid is insufficient. You should use issetugid()
rather than the tests against euid and uid, which can fail and don't
take groups into account at all.

http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/3524 contains all the
details, such as it is.

Warner

Received on Sun Jun 25 2006 - 06:08:25 UTC