Re: ncurses 4.1 security bug

From: matthew green (mrgat_private)
Date: Fri Jul 10 1998 - 02:35:50 PDT


       > > 1.  The libraries will use message catalogs and may open them before
       > >     you do
       >
       > In NetBSD, the message catalogs we use don't work that way, so I
       > suppose I'm not familiar with this issue.
    
       Does libc load message databases of your choice - like say /dev/tape ? The
       problems are those of dropping privileges early enough. As to the bug list
       that's real apps that need fixing - and should be fixed regardless of whether
       people bandaid ncurses.
    
    
    how do you fix this?  how does a _library_ know this?  openbsd has defined an
    issetugid() syscall (or something) that libraries could use to ignore the
    things like $TAPE and $TERMCAP, etc., but that isn't correct.  how does it
    know what the real userid _really_ is, to perform the necessary checks on
    whether a file will be used or not -- or do you simply say that privileged
    programs don't get this functionality?
    
    
    i also don't see how the linux setfsuid() really helps here, either.
    
    
    i've had fixing this problem in my TODO list for over 2 years but
    without a total solution i've left it as is for now.  these are the
    variables listed that NetBSD uses that i've determined are affected:
    
            - TZ
            - TERMCAP
            - HOSTALIASES
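
An added example, not part of the original message and not NetBSD or OpenBSD code: the second option raised above, where a library simply ignores file-steering variables in a privileged process. The names `ids_elevated`, `is_path_var`, `lib_getenv_policy` and `lib_getenv` are hypothetical, and the real/effective id comparison stands in for a call such as issetugid().

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Variables the message lists as steering a library to a file. */
static const char *const path_vars[] = { "TZ", "TERMCAP", "HOSTALIASES" };

/* Pure decision: does the process hold ids the invoking user does not?
 * Limitation: a program that already called setuid(geteuid()) looks
 * unprivileged here even though its environment is still untrusted. */
int ids_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

int is_path_var(const char *name)
{
    size_t i;
    for (i = 0; i < sizeof path_vars / sizeof path_vars[0]; i++)
        if (strcmp(name, path_vars[i]) == 0)
            return 1;
    return 0;
}

/* Policy with 'elevated' passed in, so it can be exercised without a
 * setuid binary. NULL means: use the compiled-in default path. */
const char *lib_getenv_policy(const char *name, int elevated)
{
    if (elevated && is_path_var(name))
        return NULL;
    return getenv(name);
}

/* What library code would call in place of getenv(). */
const char *lib_getenv(const char *name)
{
    return lib_getenv_policy(name,
        ids_elevated(getuid(), geteuid(), getgid(), getegid()));
}

int main(void)
{
    const char *v;
    setenv("TERMCAP", "/tmp/constructed-termcap", 1); /* constructed sample */
    v = lib_getenv("TERMCAP");
    printf("TERMCAP honoured: %s\n", v ? v : "(ignored, using default)");
    return 0;
}
```
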
    


