Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Subject: Re: glibc env. vars. (again) (fwd)
From: Chris Evans (chrisferret.lmh.ox.ac.uk)
Date: Wed May 24 2000 - 16:34:58 CDT
- Next message: Chris Evans: "Here's another glibc env. var."
- Previous message: Chris Evans: "Re: glibc env. vars. (again)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Thats a glibc security hole period
I think it's safe -
Of course when I said "safe", I mean in the context of the
write(2,...) case. MALLOC_CHECK_ should still be wrapped in
secure_getenv. Otherwise with MALLOC_CHECK_=2, users can essentially
abort() suid programs upon minor memory mismanagement