On Tue, Aug 31, 2010 at 4:50 PM, Martin Bähr
<[email protected]> wrote:
> On Tue, Aug 31, 2010 at 04:31:22PM +0800, Jeffrey 'jf' Lim wrote:
>> On Tue, Aug 31, 2010 at 10:30 AM, Soh Kam Yung <[email protected]> wrote:
>> > [
>> > http://threatpost.com/en_us/blogs/some-linux-distros-vulnerable-version-dll-hijacking-bug-082610
>> > ]
>> "some" linux distros? Yeah, debian. Again.
>
> no,
>
> the debian patch applies to couchdb only, and all it does is that it
> triggers the problem described in the article, namely that an empty path
> is interpreted as the working directory!
>
> i am sure there are other applications that make the same mistake.
>
> however this is all blaming the wrong people, i think. the real blame
> should go to whatever made an empty path to mean the working directory.
>
thanks for that clarification. I guess then somebody else planted the
seed of this problem.. and then Debian helpfully exposed it?
> i have not followed the discussion but i wonder why empty entries are
> not simply ignored. the working directory could still be included in the
> path if that is desired by using an explicit ".".
>
no idea myself. The explicit "." is indeed better.
-jf
--
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."
--Richard Stallman
"It's so hard to write a graphics driver that open-sourcing it would not help."
-- Andrew Fear, Software Product Manager, NVIDIA Corporation
http://kerneltrap.org/node/7228
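
Added example, not part of the original message or of any patch it mentions: a POSIX shell sketch of how an empty entry ends up in a colon-separated search path when a directory is joined to an empty or unset variable, with a check for such entries, a join that avoids them, and the "ignore empty entries" behaviour proposed in the thread. The variable name DEMO_LIB_PATH, the function names and the paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit and safely build a
# colon-separated search path. All names and paths below are constructed.

# has_empty_entry LIST: succeeds if LIST has an empty entry (leading ':',
# trailing ':' or '::'), the case the thread says is read as the working
# directory. An empty LIST has no entries to audit and is reported clean.
has_empty_entry() {
    case "$1" in
        "") return 1 ;;
        :*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# prepend_dir DIR LIST: prints DIR:LIST, or only DIR when LIST is empty,
# so no trailing ':' is produced.
prepend_dir() {
    printf '%s\n' "$1${2:+:$2}"
}

# strip_empty LIST: prints LIST with empty entries dropped, i.e. the
# "simply ignore them" behaviour proposed in the thread. An explicit "."
# entry is kept, since that is a deliberate choice by whoever set the path.
# The subshell body keeps the IFS and 'set -f' changes local.
strip_empty() (
    IFS=:
    set -f              # no glob expansion while splitting
    out=
    for entry in $1; do
        if [ -n "$entry" ]; then out="${out:+$out:}$entry"; fi
    done
    printf '%s\n' "$out"
)

# Constructed demo: the variable is empty, as it would be if never set.
DEMO_LIB_PATH=
naive="/opt/app/lib:$DEMO_LIB_PATH"                 # "/opt/app/lib:"
joined=$(prepend_dir /opt/app/lib "$DEMO_LIB_PATH") # "/opt/app/lib"
for v in "$naive" "$joined" "$(strip_empty "$naive")"; do
    if has_empty_entry "$v"; then
        echo "empty entry: '$v'"
    else
        echo "clean:       '$v'"
    fi
done
```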