From owner-freebsd-security  Wed Feb  5 06:49:01 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id GAA18495
          for security-outgoing; Wed, 5 Feb 1997 06:49:01 -0800 (PST)
Received: from smyrno.sol.net (smyrno.sol.net [206.55.64.117])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id GAA18308;
          Wed, 5 Feb 1997 06:47:19 -0800 (PST)
Received: from solaria.sol.net (solaria.sol.net [206.55.65.75]) by smyrno.sol.net (8.8.3/8.8.3) with SMTP id IAA25199; Wed, 5 Feb 1997 08:47:15 -0600 (CST)
Received: from localhost by solaria.sol.net (8.5/8.5)
	id IAA11557; Wed, 5 Feb 1997 08:47:13 -0600
From: Joe Greco <jgreco@solaria.sol.net>
Message-Id: <199702051447.IAA11557@solaria.sol.net>
Subject: Re: 2.1.6+++: crt0.c CRITICAL CHANGE
To: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij)
Date: Wed, 5 Feb 97 8:47:11 CST
Cc: joerg_wunsch@uriah.heep.sax.de, core@freebsd.org, security@freebsd.org,
        jkh@freebsd.org
In-Reply-To: <199702051105.MAA21662@bsd.lss.cp.philips.com> from "Guido van Rooij" at Feb 5, 97 12:05:13 pm
X-Mailer: ELM [version 2.4dev PL65]
MIME-Version: 1.0
Content-Type: text
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> > I thought this has been removed long ago.
> > 
> > Go for it.  It has been found to be a poor concept anyway.
> 
> Yiou can use the lfix program to do so. It was posted by a Russian guy,
> who's name I forgot. I added a fix so it can actually do the complete
> filesystem in one sweep. Basically it patches the binary to replace
> the above call by nop's.

PERFECT!!!  We have a solution  :-)  (this was the most worrisome security
hole, the smaller ones like talkd could be "patched" much more easily).

But could you be a little more vague, please?  Where do I get it from?  :-)

I don't see it on Freefall...  a DejaNews search doesn't turn anything up...
Ah.  I see it on the security list archive.

Jordan: once we have it tested, can we get this posted somewhere and make 
big blinking neon signs that PEOPLE NEED TO RUN THIS?  I'm gonna compile 
it up and try it shortly.

With this, it would be MUCH simpler to release a "security binary kit"
upgrade to 2.1.X series systems.

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator			      jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI			   414/342-4847