Date: Tue, 04 Feb 1997 13:48:04 -0800
From: John Polstra <jdp@polstra.com>
To: Joe Greco <jgreco@solaria.sol.net>
Cc: gpalmer@freebsd.org, core@freebsd.org, security@freebsd.org
Subject: Re: 2.1.6+++: crt0.c CRITICAL CHANGE
Message-ID: <199702042148.NAA25064@austin.polstra.com>
In-Reply-To: Your message of "Tue, 04 Feb 1997 11:27:39 CST." <199702041727.LAA01352@solaria.sol.net>
References: <199702041727.LAA01352@solaria.sol.net>

> In revision 1.21 of crt0.c, ache removed these bits of code, and
> several other sources indicate that removal of the locale code is
> a sufficient fix. It therefore seems appropriate to move forward
> by removing this from crt0.c.

Nobody seems to dispute that. But has the actual problem (the buffer
overflow) been fixed in the locale code? That needs to be done too.

> If anyone is aware of any undesirable side effects

The thing to do when you're changing crt0.c is to think very carefully
about what will happen with all the combinations:

    new crt0, old libc.so.x.x
    old crt0, new libc.so.x.x
    new crt0, new libc.so.x.x

and test all the combinations too. I have been burned by this more
than once, when I had thought I had it all figured out. It's a really
unpleasant experience to wake up the morning after a commit and find
out you've broken make world for a few dozen people. The crt0 changes
are particularly insidious, because they can be very hard to back out
again.

Anyway, I personally don't see such problems in your proposed change.

PS - Welcome to the development team!

John P.
--
John Polstra                                       jdp@polstra.com
John D. Polstra & Co., Inc.                Seattle, Washington USA
"Self-knowledge is always bad news."                 -- John Barth