From owner-freebsd-security Thu Jun 27 13:19:43 2002
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [63.229.157.2])
	by hub.freebsd.org (Postfix) with ESMTP id AF39B37B400
	for ; Thu, 27 Jun 2002 13:19:36 -0700 (PDT)
Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2])
	by lariat.org (8.9.3/8.9.3) with ESMTP id OAA18152
	for ; Thu, 27 Jun 2002 14:19:26 -0600 (MDT)
X-message-flag: Warning! Use of Microsoft Outlook is dangerous and makes your system susceptible to Internet worms.
Message-Id: <4.3.2.7.2.20020627141350.024ff190@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Thu, 27 Jun 2002 14:19:14 -0600
To: security@FreeBSD.ORG
From: Brett Glass
Subject: glibc and the resolv bug
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Because I program professionally, I don't read GPLed code due to license concerns. (If one has read GPLed code, it may be possible for someone to argue that work you do later is derivative and that you must give it away.)

However, out of curiosity, I asked a programmer who does work on GPLed code to look at the portions of glibc that correspond to the buggy resolution code in the BSD libc.

According to this programmer, the glibc code appears to have been derived from the BSD code, but the bug was fixed -- apparently some time ago. And the programmer who did so left a note, set off by "XXX", saying that he had done so. He did not, however, do the responsible thing and notify users of other platforms that the bug was likely to exist in their C libraries. Hence, we're left with the mess we have now.

--Brett Glass

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message