> >>I went hunting for more apps in the hundreds of ports installed at my >>shop to see what our exposure was to the scandir() problem - much to >>my surpise out of 700 or so ports, only a dozen or so used the libc >>scandir(). A handful of mail programs had a vulnerable local >>implementation of scandir() - looks like they copied UW's imap code which >>was based on the 4.2 BSD code. It's not clear to me that those get used if >>there's an OS implementation of scandir, but I'll write to them too. > >We only recently added scandir to Solaris libc.
The implication of which, of course, is that any app build for Solaris 9 or before which uses scandir may have picked up a broken one. Casper _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
