Re: getgrouplist segfault?

From: Pavel Tsekov <ptsekov gmx net>
Cc: MC Devel <mc-devel gnome org>
Subject: Re: getgrouplist segfault?
Date: Thu, 7 Jul 2005 10:57:40 +0300

Hello,

On Wed, 6 Jul 2005, Leonard den Ottolander wrote:

> > As this is clearly a buffer overflow, we should not use the function at
> > all and document this somewhere. Maybe like that:
> >
> > #if 0
> > /* the glibc implementation of getgrouplist(3) has a
> >   * buffer overflow vulnerability, so we cannot use this function */
> > ...
> > #endif
>
> What a curious suggestion. If we wouldn't use functions that might have
> been poorly implemented in any version of any library mc uses there
> wouldn't be many functions left to use after a while. If this is indeed
> a glibc issue the user should patch his glibc.

I second that.

References:
- getgrouplist segfault?
  - From: Anton Monroe
- Re: getgrouplist segfault?
  - From: Anton Monroe
- Re: getgrouplist segfault?
  - From: Pavel Tsekov
- Re: getgrouplist segfault?
  - From: Roland Illig
- Re: getgrouplist segfault?
  - From: Leonard den Ottolander

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]