On Tue, Aug 31, 2010 at 04:31:22PM +0800, Jeffrey 'jf' Lim wrote: > On Tue, Aug 31, 2010 at 10:30 AM, Soh Kam Yung <[email protected]> wrote: > > [ > > http://threatpost.com/en_us/blogs/some-linux-distros-vulnerable-version-dll-hijacking-bug-082610 > > ] > "some" linux distros? Yeah, debian. Again.
no, the debian patch applies to couchdb only, and all it does that it triggers the problem described in the article, namely that a empty path is interpreted as the working directory! i am sure there are other applications that make the same mistake. however this is all blaming the wrong people, i think. the real blame should go to whatever made an empty path to mean the working directory. i have not followed the discussion but i wonder why empty entries are not simply ignored. the working directory could still be included in the path if that is desired by using an explicit ".". greetings, martin. -- cooperative communication with sTeam - caudium, pike, roxen and unix searching contract jobs: debugging, programming, training and administration -- pike programmer working in china community.gotpike.org foresight developer (open-steam|caudium).org foresightlinux.org unix sysadmin iaeste.at realss.com Martin Bähr http://www.iaeste.at/~mbaehr/ is.schon.org _______________________________________________ LUGS Mailing list - [email protected] List FAQ: http://wiki.lugs.org.sg/LugsMailingListFaq Info page: http://www.lugs.org.sg/mailman/listinfo/slugnet To unsubscribe send an empty email to: [email protected]
