From owner-cvs-all Thu Jul 27 7:59:43 2000 Delivered-To: cvs-all@freebsd.org Received: from eeyore.local.dohd.org (d0030.dtk.chello.nl [213.46.0.30]) by hub.freebsd.org (Postfix) with ESMTP id 5BADF37B5C9; Thu, 27 Jul 2000 07:59:35 -0700 (PDT) (envelope-from freebsd@dohd.org) Received: by eeyore.local.dohd.org (Postfix+IPv6, from userid 1008) id B1F32BA9F; Thu, 27 Jul 2000 16:59:32 +0200 (MET DST) Date: Thu, 27 Jul 2000 16:59:32 +0200 From: Mark Huizer To: John Polstra Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sbin/ldconfig elfhints.c ldconfig.8 ldconfig.c Message-ID: <20000727165932.A6878@dohd.cx> References: <200007260447.VAA44122@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <200007260447.VAA44122@freefall.freebsd.org>; from jdp@FreeBSD.org on Tue, Jul 25, 2000 at 09:47:17PM -0700 Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, Jul 25, 2000 at 09:47:17PM -0700, John Polstra wrote: > jdp 2000/07/25 21:47:17 PDT > > Modified files: > sbin/ldconfig elfhints.c ldconfig.8 ldconfig.c > Log: > If a directory is world-writable or is not owned by root, skip it > and emit a warning. This is a security measure since ldconfig > influences the shared libraries used by all programs. > > I think the check should be made even more stringent by also > ignoring group-writable directories. I will make that change soon > unless we encounter a good reason not to do it. > > Submitted by: Maxime Henrion group-writable is a bad thing I'd say. We have machines with a /usr/local and /usr/exp writable for groupmembers of local and exp. The people in local are trusted enough to install libs in /usr/local/lib. So it's group writable. Mark -- Nice testing in little China... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message