Date: Tue, 04 Feb 1997 13:48:04 -0800
From: John Polstra <jdp@polstra.com>
To: Joe Greco <jgreco@solaria.sol.net>
Cc: gpalmer@freebsd.org, core@freebsd.org, security@freebsd.org
Subject: Re: 2.1.6+++: crt0.c CRITICAL CHANGE
Message-ID: <199702042148.NAA25064@austin.polstra.com>
In-Reply-To: Your message of "Tue, 04 Feb 1997 11:27:39 CST." <199702041727.LAA01352@solaria.sol.net>
References: <199702041727.LAA01352@solaria.sol.net>

> In revision 1.21 of crt0.c, ache removed these bits of code, and
> several other sources indicate that removal of the locale code is
> a sufficient fix. It therefore seems appropriate to move forward
> by removing this from crt0.c.

Nobody seems to dispute that. But has the actual problem (the buffer
overflow) been fixed in the locale code? That needs to be done too.

> If anyone is aware of any undesirable side effects

The thing to do when you're changing crt0.c is to think very carefully
about what will happen with all the combinations:

    new crt0, old libc.so.x.x
    old crt0, new libc.so.x.x
    new crt0, new libc.so.x.x

and test all the combinations too. I have been burned by this more
than once, when I had thought I had it all figured out. It's a
really unpleasant experience to wake up the morning after a commit
and find out you've broken make world for a few dozen people. The
crt0 changes are particularly insidious, because they can be very
hard to back out again.

Anyway, I personally don't see such problems in your proposed change.

PS - Welcome to the development team!

John P.
--
John Polstra jdp@polstra.com
John D. Polstra & Co., Inc. Seattle, Washington USA
"Self-knowledge is always bad news." -- John Barth
