From owner-cvs-lib  Mon Mar 24 08:51:07 1997
Return-Path: <owner-cvs-lib>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id IAA17726
          for cvs-lib-outgoing; Mon, 24 Mar 1997 08:51:07 -0800 (PST)
Received: from sequent.kiae.su (sequent.kiae.su [193.125.152.6])
          by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id IAA17711;
          Mon, 24 Mar 1997 08:50:43 -0800 (PST)
Received: by sequent.kiae.su id AA16178
  (5.65.kiae-2 ); Mon, 24 Mar 1997 19:28:01 +0300
Received: by sequent.KIAE.su (UUMAIL/2.0); Mon, 24 Mar 97 19:28:00 +0300
Received: (from ache@localhost)
	by nagual.ru (8.8.5/8.8.5) id TAA02126;
	Mon, 24 Mar 1997 19:25:29 +0300 (MSK)
Date: Mon, 24 Mar 1997 19:25:28 +0300 (MSK)
From: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.ru>
To: Warner Losh <imp@freefall.freebsd.org>
Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org,
        cvs-lib@freefall.freebsd.org
Subject: Re: cvs commit:  src/lib/libc/stdtime localtime.c
In-Reply-To: <199703240609.WAA00671@freefall.freebsd.org>
Message-Id: <Pine.BSF.3.95q.970324192251.2099C-100000@nagual.ru>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-lib@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Sun, 23 Mar 1997, Warner Losh wrote:

> imp         97/03/23 22:09:53
> 
>   Modified:    lib/libc/stdtime  localtime.c
>   Log:
>   Don't open the tz file if we're running setuid or setgid to prevent infomration
>   leakage.

I forget to note that this change should be backed out in any case.
It broke whole TZ idea. If you need check, do it properly checking
ranges and overflowes inside localtime code itself, not by disallowing
tz file opening.

-- 
Andrey A. Chernov
<ache@null.net>
http://www.nagual.ru/~ache/