cool! thanks for the info.... -jf
On Tue, Aug 31, 2010 at 6:19 PM, Martin Baehr <[email protected]> wrote: > On Tue, Aug 31, 2010 at 05:57:04PM +0800, Jeffrey 'jf' Lim wrote: >> thanks for that clarification. I guess then somebody else planted the >> seed of this problem.. and then Debian helpfully exposed it? > > the seed of the problem may have been around for a long time. > > as far as the debian patch goes, see here: > http://www.openwall.com/lists/oss-security/2010/08/26/1 > > fedora uses the same patch. > > i don't think they exposed anything, they probably just missed the > problem like everyone else. maybe assuming that LD_LIBRARY_PATH is > always set, or not being aware of how empty fields are treated, but that > is just speculation on my part > >> > i have not followed the discussion but i wonder why empty entries are >> > not simply ignored. the working directory could still be included in the >> > path if that is desired by using an explicit ".". >> no idea myself. The explicity "." is indeed better. > > this aspect is being discussed here: > http://www.openwall.com/lists/oss-security/2010/08/29/4 > > greetings, martin. > -- > cooperative communication with sTeam - caudium, pike, roxen and unix > searching contract jobs: debugging, programming, training and administration > -- > pike programmer working in china community.gotpike.org > foresight developer (open-steam|caudium).org foresightlinux.org > unix sysadmin iaeste.at realss.com > Martin Bähr http://www.iaeste.at/~mbaehr/ is.schon.org > _______________________________________________ LUGS Mailing list - [email protected] List FAQ: http://wiki.lugs.org.sg/LugsMailingListFaq Info page: http://www.lugs.org.sg/mailman/listinfo/slugnet To unsubscribe send an empty email to: [email protected]
