Date: Mon, 24 Mar 1997 19:35:37 +0300 (MSK) From: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.ru> To: Warner Losh <imp@village.org> Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-lib@freefall.freebsd.org Subject: Re: cvs commit: src/lib/libtermcap pathnames.h termcap.c Message-ID: <Pine.BSF.3.95q.970324193116.2145B-100000@nagual.ru> In-Reply-To: <E0w9BXb-00057I-00@rover.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 24 Mar 1997, Warner Losh wrote: > In message <Pine.BSF.3.95q.970324161835.660B-100000@nagual.ru> =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= writes: > : 2) I object of disallowing alternative termcap files, I always use > : my own termcap file (and many users do it to) and treat this step > : as functionality degradation, please back it out. > > When you are running with elevated privs, you have to do something to > prevent people from specifying files they don't normally have > permission to read. I'll see what it takes to put this in with the > right checks. The first idea which comes to mind is very simple: if you running with privs, read only world-readable files (f.e. termcap files) I don't see this thing is ever needed for tz files because they are supposed to be only relative to /usr/share/zoneinfo. You need to check only for /../../ constructions inside TZ value. -- Andrey A. Chernov <ache@null.net> http://www.nagual.ru/~ache/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.970324193116.2145B-100000>