Re: Release-critical Bugreport for November 26, 1999

To: jk@espy.org (Joel Klecker)
Cc: debian-devel@lists.debian.org
Subject: Re: Release-critical Bugreport for November 26, 1999
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Mon, 29 Nov 1999 09:52:10 +1100
Message-id: <199911282252.JAA02316@gondor.apana.org.au>
In-reply-to: <199911280216.NAA19711@gondor.apana.org.au> <v04220801b466c91cdf6b@[206.163.71.146]>

Joel Klecker <jk@espy.org> wrote:
> At 13:16 +1100 1999-11-28, Herbert Xu wrote:

>>AFAIK, there aren't any security implications here if the strategy is to
>>copy the libc5 behaviour (my preference).

> There is no strategy, this bug is not gonna be "fixed" unless upstream
> agrees. Upstream says the bug is in the BSD man page for rexec(3), which
> claims a behavior that the source for the function doesn't have.

Let me repeat, if you're going to have code in rexec(3) to do the netrc
search, then you better make sure that if the search fails it doesn't core
dump.  Otherwise just remove the search as well as ruserpass() so that I
can do it.
-- 
Debian GNU/Linux 2.1 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Reply to:

References:
- Re: Release-critical Bugreport for November 26, 1999
  - From: Joel Klecker <jk@espy.org>

Prev by Date: Re: Release-critical Bugreport for November 26, 1999
Next by Date: Re: Release-critical Bugreport for November 26, 1999
Previous by thread: Re: Release-critical Bugreport for November 26, 1999
Next by thread: Re: Release-critical Bugreport for November 26, 1999
Index(es):
- Date
- Thread