From owner-freebsd-security Mon Feb 3 20:55:23 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id UAA17957 for security-outgoing; Mon, 3 Feb 1997 20:55:23 -0800 (PST) Received: from spitfire.ecsel.psu.edu (qmailr@spitfire.ecsel.psu.edu [146.186.218.51]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id UAA17942 for ; Mon, 3 Feb 1997 20:55:09 -0800 (PST) Received: (qmail 1527 invoked by uid 1000); 4 Feb 1997 04:54:49 -0000 Message-ID: <19970204045449.1526.qmail@spitfire.ecsel.psu.edu> To: "Daniel O'Callaghan" cc: security@freebsd.org Subject: Re: Patches for 2.1.6-RELEASE locale stuff... In-reply-to: Your message of "Tue, 04 Feb 1997 15:38:46 +1100." Date: Mon, 03 Feb 1997 23:54:49 -0500 From: Dan Cross Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > Thanks for all the work you are putting in on this. No problem, this is the most interesting thing that I've been involved with in days. :-) > One thing I'm not > sure of is the impact this has on static binaries. Can you please > clarify this, possibly to freebsd-security. Well, staticly linked binaries are just as vulnerable to attack as dynamically linked ones. The problem is two fold with staticly linked binaries, however, since recompiling the libraries is not enough to fix the problem, one must also recompile the staticly linked binaries and link them against the patched libraries. Hope this helps! (cc'ed to security@freebsd.org as requested.) - Dan C.