From owner-freebsd-security Wed Feb 5 07:18:37 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA27025 for security-outgoing; Wed, 5 Feb 1997 07:18:37 -0800 (PST) Received: from smyrno.sol.net (smyrno.sol.net [206.55.64.117]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA24697; Wed, 5 Feb 1997 07:15:22 -0800 (PST) Received: from solaria.sol.net (solaria.sol.net [206.55.65.75]) by smyrno.sol.net (8.8.3/8.8.3) with SMTP id JAA25592; Wed, 5 Feb 1997 09:15:19 -0600 (CST) Received: from localhost by solaria.sol.net (8.5/8.5) id JAA11822; Wed, 5 Feb 1997 09:15:17 -0600 From: Joe Greco Message-Id: <199702051515.JAA11822@solaria.sol.net> Subject: Re: 2.1.6+++: crt0.c CRITICAL CHANGE To: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij) Date: Wed, 5 Feb 97 9:15:15 CST Cc: Guido.vanRooij@nl.cis.philips.com, joerg_wunsch@uriah.heep.sax.de, core@freebsd.org, security@freebsd.org, jkh@freebsd.org In-Reply-To: <199702051501.QAA01260@bsd.lss.cp.philips.com> from "Guido van Rooij" at Feb 5, 97 04:01:18 pm X-Mailer: ELM [version 2.4dev PL65] MIME-Version: 1.0 Content-Type: text Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > > With this, it would be MUCH simpler to release a "security binary kit" > > upgrade to 2.1.X series systems. > > Before everyone starts singing `Halleluia', let me state first that > this does not solve everything. At runs a setlocale() itsself, so > it is still vulnerable. Further, It will not solve the problem for ppl > that actually NEED the locale stuff.... The locale stuff appears to have been removed from 2.2's crt0.c as well, I don't know anything more about what was done, but it seems to me that that suggests that it is not mandatory for use of the locale stuff. The comments suggested that it was an easy way to try to locale-ize the entire system. It should not, I would think, preclude the use of the locale code, but then again, I am only very mildly familiar with that stuff. ... Joe ------------------------------------------------------------------------------- Joe Greco - Systems Administrator jgreco@ns.sol.net Solaria Public Access UNIX - Milwaukee, WI 414/342-4847