Patches that will (hopefully) be mentioned in 2.4.4..

Rudolf Floers r.floers at web.de
Wed Dec 20 13:04:46 PST 2000


> Yo,
> 
> I was talking to Gerard this morning about adding the recent security
> patches (ala ed and glibc) to LFS...at least in the fashion of at least
> mentioning it to the user that it is a good idea.
> 
> Ed - http://www.debian.org/security/2000/20001129
> Glibc - http://www.debian.org/security/2000/20000902
> 
> After looking at Debian's Security repository it started to make me
> wonder at such packages like modutils and make that were listed...
> 
> Not just that, but most of the patches provided by distros are
> specific to them, adding all their "extra" features; there doesn't seem to
> be a simple patch from the pristine sources for ed, glibc, etc... makes me
> wonder the point of general linux security ;)
> 
> *mumbles away and wonders if anyone knows what he is asking*
> 
> -
> Jesse Tie Ten Quee - highos at highos dot com
> 
> 

Hi Jesse,

I've found one patch for glibc-2.1.3.
It's just 27 lines.. and I don't know if this is what we are looking for.
Would you have a look at it?

RF

-------------- next part --------------
--- glibc-2.1.3/sysdeps/generic/dl-environ-orig.c
+++ glibc-2.1.3/sysdeps/generic/dl-environ.c
@@ -1,5 +1,5 @@
-/*Environment handling for dynamic loader.
-   Copyright (C) 1995, 1996, 1997, 1998 Free Software Foundation, Inc.
+/* Environment handling for dynamic loader.
+   Copyright (C) 1995, 1996, 1997, 1998, 2000 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -55,7 +55,8 @@
   const size_t len = strlen (name);
   char **ep;
 
-  for (ep = _environ; *ep != NULL; ++ep)
+  ep = _environ;
+  while (*ep != NULL)
     if (!strncmp (*ep, name, len) && (*ep)[len] == '=')
       {
 	/* Found it.  Remove this pointer by moving later ones back.  */
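Review bot: with the increment taken out of the loop header, `while (*ep != NULL)` only terminates because every pass either removes an entry or reaches the `++ep` in the `else` added further down, and nothing at the loop itself says so. Add a short comment above the `while` stating that `ep` is advanced only when the current entry does not match, and consider bracing the loop body so the `if`/`else` pairing stays obvious to the next person who edits it.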
@@ -66,4 +67,6 @@
 	while (*dp++);
 	/* Continue the loop in case NAME appears again.  */
       }
+    else
+      ++ep;
 }
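Review bot: the context comment `/* Continue the loop in case NAME appears again.  */` now understates what the new `else ++ep;` is for. Once the later pointers have been moved back, `*ep` holds an entry that has not been compared yet, so a second `NAME=` entry directly after the first is only caught because `ep` stays where it is. Extend the comment to say that, and name the adjacent-duplicate case in the patch description so it gets tested.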

