On Tue, Aug 31, 2010 at 05:57:04PM +0800, Jeffrey 'jf' Lim wrote:
> thanks for that clarification. I guess then somebody else planted the
> seed of this problem.. and then Debian helpfully exposed it?

the seed of the problem may have been around for a long time.
as far as the debian patch goes, see here:
http://www.openwall.com/lists/oss-security/2010/08/26/1
fedora uses the same patch.

i don't think they exposed anything, they probably just missed the problem
like everyone else. maybe assuming that LD_LIBRARY_PATH is always set, or not
being aware of how empty fields are treated, but that is just speculation on
my part

> > i have not followed the discussion but i wonder why empty entries are
> > not simply ignored. the working directory could still be included in the
> > path if that is desired by using an explicit ".".
> no idea myself. The explicit "." is indeed better.

this aspect is being discussed here:
http://www.openwall.com/lists/oss-security/2010/08/29/4

greetings, martin.
--
cooperative communication with sTeam - caudium, pike, roxen and unix
searching contract jobs: debugging, programming, training and administration
--
pike programmer      working in china               community.gotpike.org
foresight developer  (open-steam|caudium).org       foresightlinux.org
unix sysadmin        iaeste.at                      realss.com
Martin Bähr          http://www.iaeste.at/~mbaehr/  is.schon.org
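
The point above about an unset LD_LIBRARY_PATH and empty fields, as an added shell example that is not part of the original message or of the patch it links to: a wrapper that builds `DIR:$LD_LIBRARY_PATH` ends up with a trailing empty field when the variable is unset, and the loader reads an empty field as the working directory. The function names and the `/opt/app/lib` path are hypothetical.

```shell
# Added example; function names and paths are constructed for illustration.

# has_empty_entry VALUE
# Succeeds if a colon-separated search path has an empty field
# (leading ':', trailing ':', or '::'). An empty VALUE is treated
# here as having no entries at all.
has_empty_entry() {
    case "$1" in
        "")          return 1 ;;
        :*|*:|*::*)  return 0 ;;
        *)           return 1 ;;
    esac
}

# prepend_path DIR CURRENT
# Prints DIR prepended to CURRENT without creating an empty field
# when CURRENT is unset or empty.
prepend_path() {
    if [ -n "$2" ]; then
        printf '%s:%s\n' "$1" "$2"
    else
        printf '%s\n' "$1"
    fi
}

# strip_empty_entries VALUE
# Drops empty fields; an explicit "." is kept, since it is a deliberate choice.
strip_empty_entries() {
    out=""
    old_ifs=$IFS
    IFS=:
    set -f                      # no globbing while splitting on ':'
    for field in $1; do
        [ -n "$field" ] || continue
        out="${out:+$out:}$field"
    done
    set +f
    IFS=$old_ifs
    printf '%s\n' "$out"
}

# Constructed demo: the variable is unset, so the naive form ends in ':'.
sample=""
unsafe="/opt/app/lib:$sample"
has_empty_entry "$unsafe" && echo "naive form has an empty entry: '$unsafe'"
echo "guarded form: '$(prepend_path /opt/app/lib "$sample")'"
```

In a wrapper script the same guard is often written inline as `LD_LIBRARY_PATH="/opt/app/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"`.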
