[illumos-Developer] Should the illumos libc glob include GLOB_LIMIT?
Gary Mills
mills at cc.umanitoba.ca
Wed Jun 8 17:19:46 PDT 2011

I've been looking at the glob(3C) function in illumos (and Solaris)
libc. It defines only the set of flags defined by POSIX 1003.2.
Other operating systems add a set of non-standard flags. The most
recent of these seems to be GLOB_LIMIT, an option that instructs the
glob function to limit its path search before resources are exhausted.
This option is needed to protect against a class of DoS attacks that
are possible when services utilize the glob function from libc.

What are the implications of adding a GLOB_LIMIT flag to the glob(3C)
function? Applications would have to set this flag before they could
take advantage of its function. Existing applications would not be
affected. Is this a good approach, or are there better
alternatives?
--
-Gary Mills- -Unix Group- -Computer and Network Services-
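
Added example, not part of the original message and not illumos or BSD libc code: a sketch of what the opt-in looks like from the application side, for a service that globs an untrusted pattern. It passes GLOB_LIMIT where the libc defines it and otherwise falls back to application-level bounds. The names bounded_glob, count_wildcards and the bg_status values, the 1024-byte pattern cap, and the sample patterns are assumptions made for illustration.

```c
#include <glob.h>
#include <string.h>

#ifndef GLOB_LIMIT
#define GLOB_LIMIT 0  /* libc lacks the flag: only the checks below apply */
#endif

enum bg_status { BG_OK, BG_TOO_COMPLEX, BG_TOO_MANY, BG_NOMATCH, BG_ERROR };

/* Hypothetical helper: count unescaped glob metacharacters. */
static size_t count_wildcards(const char *p)
{
    size_t n = 0;
    for (; *p != '\0'; p++) {
        if (*p == '\\' && p[1] != '\0')
            p++;                          /* skip the escaped character */
        else if (*p == '*' || *p == '?' || *p == '[')
            n++;
    }
    return n;
}

/* On BG_OK the caller owns *out and must call globfree() on it. */
enum bg_status bounded_glob(const char *pattern, size_t max_wild,
                            size_t max_matches, glob_t *out)
{
    memset(out, 0, sizeof(*out));
    if (strlen(pattern) > 1024 || count_wildcards(pattern) > max_wild)
        return BG_TOO_COMPLEX;            /* refused before any directory scan */

    int rc = glob(pattern, GLOB_LIMIT, NULL, out);
    enum bg_status st = rc == GLOB_NOMATCH ? BG_NOMATCH
                      : rc != 0 ? BG_ERROR  /* includes a libc-enforced limit */
                      : out->gl_pathc > max_matches ? BG_TOO_MANY : BG_OK;
    if (st != BG_OK)
        globfree(out);                    /* release any partial results */
    return st;
}

int main(void)
{
    glob_t g;
    if (bounded_glob("/", 4, 16, &g) == BG_OK)
        globfree(&g);
    return 0;
}
```

The match-count check runs only after glob() returns, so on a libc without GLOB_LIMIT the pattern pre-check is the only bound on the search itself.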