Date: Mon, 24 Mar 1997 19:25:28 +0300 (MSK) From: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.ru> To: Warner Losh <imp@freefall.freebsd.org> Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-lib@freefall.freebsd.org Subject: Re: cvs commit: src/lib/libc/stdtime localtime.c Message-ID: <Pine.BSF.3.95q.970324192251.2099C-100000@nagual.ru> In-Reply-To: <199703240609.WAA00671@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 23 Mar 1997, Warner Losh wrote: > imp 97/03/23 22:09:53 > > Modified: lib/libc/stdtime localtime.c > Log: > Don't open the tz file if we're running setuid or setgid to prevent infomration > leakage. I forget to note that this change should be backed out in any case. It broke whole TZ idea. If you need check, do it properly checking ranges and overflowes inside localtime code itself, not by disallowing tz file opening. -- Andrey A. Chernov <ache@null.net> http://www.nagual.ru/~ache/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.970324192251.2099C-100000>