From owner-svn-src-all@FreeBSD.ORG Fri Dec 23 17:06:52 2011 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5AD4F1065680; Fri, 23 Dec 2011 17:06:52 +0000 (UTC) (envelope-from kabaev@gmail.com) Received: from mail-qy0-f182.google.com (mail-qy0-f182.google.com [209.85.216.182]) by mx1.freebsd.org (Postfix) with ESMTP id C746D8FC28; Fri, 23 Dec 2011 17:06:51 +0000 (UTC) Received: by qcse13 with SMTP id e13so8600849qcs.13 for ; Fri, 23 Dec 2011 09:06:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=date:from:to:cc:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type; bh=2pNTQpJrOYyboksIIw/tHXQl4XC7Y8KiJFTH66mAgJU=; b=VBKXvvwWbbP+wGlI94tKSYNFdoWYukYFsUfvSrnUZabKca7Z7JHW2S38nxBr8nkmU+ DtyOWJEnbn2HAtPnuFEiLiXZ7NdoXK/5kicO6EdrPE7esRkSN9L4AkpH7tIGctK3ThW7 IihtIhaOze/ZVTUVct94ePl4bL/Sz+DMCRUM0= Received: by 10.229.111.158 with SMTP id s30mr6270731qcp.13.1324660010874; Fri, 23 Dec 2011 09:06:50 -0800 (PST) Received: from kan.dyndns.org (c-24-63-226-98.hsd1.ma.comcast.net. [24.63.226.98]) by mx.google.com with ESMTPS id m20sm25156473qaj.14.2011.12.23.09.06.49 (version=SSLv3 cipher=OTHER); Fri, 23 Dec 2011 09:06:49 -0800 (PST) Date: Fri, 23 Dec 2011 12:06:44 -0500 From: Alexander Kabaev To: John Baldwin Message-ID: <20111223120644.75fe944d@kan.dyndns.org> In-Reply-To: <201112231122.34436.jhb@freebsd.org> References: <201112231500.pBNF0c0O071712@svn.freebsd.org> <201112231058.46642.jhb@freebsd.org> <201112231122.34436.jhb@freebsd.org> X-Mailer: Claws Mail 3.7.10 (GTK+ 2.24.6; amd64-portbld-freebsd9.0) Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/HBu.brn+1n7ff.WMuAnuq7Z"; protocol="application/pgp-signature" Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Colin Percival Subject: Re: svn commit: r228843 - head/contrib/telnet/libtelnet head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec... X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Dec 2011 17:06:52 -0000 --Sig_/HBu.brn+1n7ff.WMuAnuq7Z Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Fri, 23 Dec 2011 11:22:34 -0500 John Baldwin wrote: > On Friday, December 23, 2011 10:58:46 am John Baldwin wrote: > > On Friday, December 23, 2011 10:00:38 am Colin Percival wrote: > > > Author: cperciva > > > Date: Fri Dec 23 15:00:37 2011 > > > New Revision: 228843 > > > URL: http://svn.freebsd.org/changeset/base/228843 > > >=20 > > > Log: > > > Fix a problem whereby a corrupt DNS record can cause named to > > > crash. [11:06]=20 > > > Add an API for alerting internal libc routines to the presence > > > of "unsafe" paths post-chroot, and use it in ftpd. [11:07] > >=20 > > Eh, the whole libc_dlopen() thing looks like a gross hack (and who > > came up with that weird symbol name for a public API????). Is it > > really even needed given the other fix to have ftpd drop privilege > > before execing a helper program? I guess the main reason I don't > > like it is it doesn't do anything to address the more general > > problem. I would have expected instead something to restrict > > dlopen() entirely including from other libraries than just libc in > > certain circumstances. >=20 > At the very least if we feel that the libc_dlopen() thing is a > temporary band-aid, we should move the new symbols into the private > namespace so we can remove them once the better fix is in rather than > being required to support them forever. >=20 > --=20 > John Baldwin Pardon for not catching that when I had a chance to influence the outcome, but I would like to voice my support to tucking the ugliness into private version namespace. --=20 Alexander Kabaev --Sig_/HBu.brn+1n7ff.WMuAnuq7Z Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iD8DBQFO9LUoQ6z1jMm+XZYRAioCAJ4xZWtZWyGgyNxN5yWp6YuMMyAnTQCg2BzR RZYi7OL5KgkSfKzX3gYMslU= =NSef -----END PGP SIGNATURE----- --Sig_/HBu.brn+1n7ff.WMuAnuq7Z--