> > 1. The libraries will use message catalogs and may open them before > > you do > > In NetBSD, the message catalogs we use don't work that way, so I > suppose I'm not familiar with this issue. Does libc load message databases of your choice - like say /dev/tape ? The problems are those of dropping privliedges early enough. As to the bug list thats real apps that need fixing - and should be fixed regardless of whether people bandaid ncurses. how do you fix this? how does a _library_ know this? openbsd has defined an issetugid() syscall (or something) that libraries could use to ignore the things like $TAPE and $TERMCAP, etc., but that isn't correct. how does it know what the real userid _really_ is, to perform the necessary checks on whether a file will be used or not -- or do you simple say that priviledged programs don't get this functionality? i also don't see how the linux setfsuid() really helps here, either. i've had fixing this in problem in my TODO liist for over 2 years but without a total solution i've left it as is for now. these are the variables listed that NetBSD uses that i've determined are affected: - TZ - TERMCAP - HOSTALIASES
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:57 PDT