--- Comment #7 from ben at decadentplace dot org dot uk 2005-11-10 11:33
---
I have no interest in constructing buffer overflow exploits, but if someone
were to construct shell-code in a filename it should be possible to use it
against a privileged user of libgcj that reads user-specifi
--- Comment #6 from tromey at gcc dot gnu dot org 2005-10-03 14:28 ---
Ben, you can send private email about this to the folks listed
as libgcj maintainers in the gcc MAINTAINERS file, namely Bryce
and me.
--
tromey at gcc dot gnu dot org changed:
What|Removed
--- Comment #5 from dberlin at gcc dot gnu dot org 2005-10-03 01:01 ---
Subject: Re: [SECURITY] readdir_r considered harmful
On Sun, 2 Oct 2005, ben at decadentplace dot org dot uk wrote:
>
>
> --- Comment #1 from ben at decadentplace dot org dot uk 2005-10-02 23:16
> ---
--- Comment #4 from ben at decadentplace dot org dot uk 2005-10-02 23:38
---
Andrew, I agree this is a problem with readdir_r, hence my original subject
(and the fact that I'm reporting bugs in a large number of other programs). I'm
not going to publish the advisory until 1st November.
--- Comment #3 from pinskia at gcc dot gnu dot org 2005-10-02 23:28 ---
But from the sound of this, this is a bug in readdir_r and not fully in libgcj.
Yes libgcj should be testing the return value of pathconf but I assume from
reading the man pages of pathconf and readdir_r, there shou
