Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 4 Feb 97 11:27:39 CST
From:      Joe Greco <jgreco@solaria.sol.net>
To:        gpalmer@freebsd.org
Cc:        core@freebsd.org, security@freebsd.org
Subject:   2.1.6+++: crt0.c CRITICAL CHANGE
Message-ID:  <199702041727.LAA01352@solaria.sol.net>
next in thread | raw e-mail | index | archive | help 
(I just got commit privs, and already I am looking to make a change that
affects the entire 2.1-STABLE tree...)

I offer for inspection, 

freefall:/f/tmp/jgreco/src/lib/csu/i386/crt0.c

as a proposed change to 2.1-STABLE's crt0.c

This file, derived from version 1.16.4.4, has one functional change:
removal of the "startup locale" code.  

The following lines were removed:

#include <locale.h>

extern void           _startup_setlocale __P((int, const char *));

	if (getenv("ENABLE_STARTUP_LOCALE") != NULL)
		_startup_setlocale(LC_ALL, "");

The locale code has a buffer overrun condition that allows this little
code bit to potentially compromise the associated program - that's 
pretty much all of them, unfortunately.  The locale code should be fixed
as well, although I am not yet aware of what changes need to be made
there.

In revision 1.21 of crt0.c, ache removed these bits of code, and several
other sources indicate that removal of the locale code is a sufficient
fix.  It therefore seems appropriate to move forward by removing this
from crt0.c.

If anyone is aware of any undesirable side effects, or has any objection
to this modification being committed to the 2.1-STABLE branch, please
speak up.  I am obviously aware that crt0.c is a critical bit of code,
and no change to this code should be undertaken lightly.

I will commit this code tomorrow unless there is any objection.  I would
prefer to have several people review the change and acknowledge that this
is acceptable.

Thank you,

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator			      jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI			   414/342-4847

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702041727.LAA01352>