From owner-cvs-lib Mon Mar 24 06:50:37 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id GAA11390 for cvs-lib-outgoing; Mon, 24 Mar 1997 06:50:37 -0800 (PST)
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.0.193]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id GAA11288; Mon, 24 Mar 1997 06:50:11 -0800 (PST)
Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.8.5/8.8.5) id JAA13490; Mon, 24 Mar 1997 09:50:05 -0500 (EST)
Date: Mon, 24 Mar 1997 09:50:05 -0500 (EST)
From: Garrett Wollman
Message-Id: <199703241450.JAA13490@khavrinen.lcs.mit.edu>
To: Warner Losh
Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-lib@freefall.freebsd.org
Subject: cvs commit: src/lib/libc/stdtime localtime.c
In-Reply-To: <199703240609.WAA00671@freefall.freebsd.org>
References: <199703240609.WAA00671@freefall.freebsd.org>
Sender: owner-cvs-lib@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

< said:

> imp 97/03/23 22:09:53
> Modified: lib/libc/stdtime localtime.c
> Log:
> Don't open the tz file if we're running setuid or setgid to prevent information
> leakage.

Um, from this description, this sounds like the most incredibly idiotic idea I've ever heard... You've completely broken localtime() for set[ug]id executables.

Sorry if that sounds too harsh, but I don't see it as an advance.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick