From owner-cvs-lib Mon Mar 24 09:33:55 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA20219 for cvs-lib-outgoing; Mon, 24 Mar 1997 09:33:55 -0800 (PST) Received: from sovcom.kiae.su (sovcom.kiae.su [193.125.152.1]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id JAA20193; Mon, 24 Mar 1997 09:33:42 -0800 (PST) Received: by sovcom.kiae.su id AA14853 (5.65.kiae-1 ); Mon, 24 Mar 1997 19:36:07 +0300 Received: by sovcom.KIAE.su (UUMAIL/2.0); Mon, 24 Mar 97 19:36:06 +0300 Received: (from ache@localhost) by nagual.ru (8.8.5/8.8.5) id TAA02166; Mon, 24 Mar 1997 19:35:39 +0300 (MSK) Date: Mon, 24 Mar 1997 19:35:37 +0300 (MSK) From: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= To: Warner Losh Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-lib@freefall.freebsd.org Subject: Re: cvs commit: src/lib/libtermcap pathnames.h termcap.c In-Reply-To: Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-lib@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Mon, 24 Mar 1997, Warner Losh wrote: > In message =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= writes: > : 2) I object of disallowing alternative termcap files, I always use > : my own termcap file (and many users do it to) and treat this step > : as functionality degradation, please back it out. > > When you are running with elevated privs, you have to do something to > prevent people from specifying files they don't normally have > permission to read. I'll see what it takes to put this in with the > right checks. The first idea which comes to mind is very simple: if you running with privs, read only world-readable files (f.e. termcap files) I don't see this thing is ever needed for tz files because they are supposed to be only relative to /usr/share/zoneinfo. You need to check only for /../../ constructions inside TZ value. -- Andrey A. Chernov http://www.nagual.ru/~ache/