From owner-freebsd-security Tue Feb 4 09:29:41 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA29912 for security-outgoing; Tue, 4 Feb 1997 09:29:41 -0800 (PST)
Received: from anacreon.sol.net (anacreon.sol.net [206.55.64.116]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id JAA29829; Tue, 4 Feb 1997 09:27:47 -0800 (PST)
Received: from solaria.sol.net (solaria.sol.net [206.55.65.75]) by anacreon.sol.net (8.6.12/8.6.12) with ESMTP id LAA23751; Tue, 4 Feb 1997 11:27:44 -0600
Received: from localhost by solaria.sol.net (8.5/8.5) id LAA01352; Tue, 4 Feb 1997 11:27:40 -0600
From: Joe Greco
Message-Id: <199702041727.LAA01352@solaria.sol.net>
Subject: 2.1.6+++: crt0.c CRITICAL CHANGE
To: gpalmer@freebsd.org
Date: Tue, 4 Feb 97 11:27:39 CST
Cc: core@freebsd.org, security@freebsd.org
X-Mailer: ELM [version 2.4dev PL65]
MIME-Version: 1.0
Content-Type: text
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

(I just got commit privs, and already I am looking to make a change that affects the entire 2.1-STABLE tree...)

I offer for inspection,

    freefall:/f/tmp/jgreco/src/lib/csu/i386/crt0.c

as a proposed change to 2.1-STABLE's crt0.c.

This file, derived from version 1.16.4.4, has one functional change: removal of the "startup locale" code. The following lines were removed:

    #include <locale.h>

    extern void _startup_setlocale __P((int, const char *));

    if (getenv("ENABLE_STARTUP_LOCALE") != NULL)
        _startup_setlocale(LC_ALL, "");

The locale code has a buffer overrun condition that allows this little code bit to potentially compromise the associated program - that's pretty much all of them, unfortunately. The locale code should be fixed as well, although I am not yet aware of what changes need to be made there.

In revision 1.21 of crt0.c, ache removed these bits of code, and several other sources indicate that removal of the locale code is a sufficient fix.
It therefore seems appropriate to move forward by removing this from crt0.c.

If anyone is aware of any undesirable side effects, or has any objection to this modification being committed to the 2.1-STABLE branch, please speak up. I am obviously aware that crt0.c is a critical bit of code, and no change to this code should be undertaken lightly.

I will commit this code tomorrow unless there is any objection. I would prefer to have several people review the change and acknowledge that this is acceptable.

Thank you,

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator                            jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI                        414/342-4847