From: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij)
Message-Id: <199702051501.QAA01260@bsd.lss.cp.philips.com>
Subject: Re: 2.1.6+++: crt0.c CRITICAL CHANGE
To: jgreco@solaria.sol.net (Joe Greco)
Date: Wed, 5 Feb 1997 16:01:18 +0100 (MET)
Cc: Guido.vanRooij@nl.cis.philips.com, joerg_wunsch@uriah.heep.sax.de, core@freebsd.org, security@freebsd.org, jkh@freebsd.org
In-Reply-To: <199702051447.IAA11557@solaria.sol.net> from Joe Greco at "Feb 5, 97 08:47:11 am"
Sender: owner-security@freebsd.org

Joe Greco wrote:
> >
> > You can use the lfix program to do so. It was posted by a Russian guy,
> > whose name I forgot. I added a fix so it can actually do the complete
> > filesystem in one sweep. Basically it patches the binary to replace
> > the above call by nops.
>
> PERFECT!!! We have a solution :-) (this was the most worrisome security
> hole, the smaller ones like talkd could be "patched" much more easily).
>
> But could you be a little more vague, please? Where do I get it from? :-)
>
> I don't see it on Freefall... a DejaNews search doesn't turn anything up...
> Ah. I see it on the security list archive.
>
> Jordan: once we have it tested, can we get this posted somewhere and make
> big blinking neon signs that PEOPLE NEED TO RUN THIS? I'm gonna compile
> it up and try it shortly.
>
> With this, it would be MUCH simpler to release a "security binary kit"
> upgrade to 2.1.X series systems.

Before everyone starts singing `Hallelujah', let me state first that
this does not solve everything. At runs a setlocale() itself, so it is still
vulnerable. Further, it will not solve the problem for ppl that actually NEED
the locale stuff....

-Guido