From owner-freebsd-security Wed Feb 5 08:21:40 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA02118 for security-outgoing; Wed, 5 Feb 1997 08:21:40 -0800 (PST)
Received: from gw-nl1.philips.com (gw-nl1.philips.com [192.68.44.33]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA00606; Wed, 5 Feb 1997 08:19:17 -0800 (PST)
Received: (from nobody@localhost) by gw-nl1.philips.com (8.6.10/8.6.10-0.994n-08Nov95) id RAA29917; Wed, 5 Feb 1997 17:17:13 +0100
Received: from unknown(130.139.36.3) by gw-nl1.philips.com via smap (V1.3+ESMTP) with ESMTP id sma029272; Wed Feb 5 17:15:03 1997
Received: from bsd.lss.cp.philips.com (bsd.lss.cp.philips.com [130.144.199.33]) by smtprelay.nl.cis.philips.com (8.6.10/8.6.10-1.2.1m-970131) with SMTP id RAA09448; Wed, 5 Feb 1997 17:15:01 +0100
Received: by bsd.lss.cp.philips.com (8.8.3/1.63) id RAA05095; Wed, 5 Feb 1997 17:15:00 +0100 (MET)
From: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij)
Message-Id: <199702051615.RAA05095@bsd.lss.cp.philips.com>
Subject: Re: 2.1.6+++: crt0.c CRITICAL CHANGE
To: jkh@time.cdrom.com (Jordan K. Hubbard)
Date: Wed, 5 Feb 1997 17:15:00 +0100 (MET)
Cc: jgreco@solaria.sol.net, Guido.vanRooij@nl.cis.philips.com, joerg_wunsch@uriah.heep.sax.de, core@freebsd.org, security@freebsd.org, jkh@freebsd.org
In-Reply-To: <19240.855158674@time.cdrom.com> from "Jordan K. Hubbard" at "Feb 5, 97 08:04:34 am"
X-Mailer: ELM [version 2.4ME+ PL22 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Jordan K. Hubbard wrote:
> > Jordan: once we have it tested, can we get this posted somewhere and make
> > big blinking neon signs that PEOPLE NEED TO RUN THIS? I'm gonna compile
> > it up and try it shortly.
> > If it works, it's sure a hell of a lot easier than a reinstall.

Certainly. It does work. I tested it on a live system.
However, as stated earlier, it should check for immutable and append-only
flags and react accordingly. Further, you MUST run it in single-user mode,
as it is impossible to patch running binaries.

-Guido
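
The flag check asked for in the message above, sketched as an added example (not code from this thread or from the tool being discussed). It reads the BSD file flags before anything is modified and reports which files carry the immutable or append-only bits; the function names `blocking_flags` and `preflight` are hypothetical, and how to react to a flagged file is left to the caller.

```python
import os
import stat

# BSD file flags that block in-place modification, keyed to their chflags(1) names.
BLOCKING_FLAGS = {
    stat.SF_IMMUTABLE: "schg",    # system immutable
    stat.UF_IMMUTABLE: "uchg",    # user immutable
    stat.SF_APPEND: "sappnd",     # system append-only
    stat.UF_APPEND: "uappnd",     # user append-only
}


def blocking_flags(st_flags):
    """Return the names of the flags in st_flags that prevent patching in place."""
    return sorted(name for bit, name in BLOCKING_FLAGS.items() if st_flags & bit)


def preflight(paths, stat_fn=os.stat):
    """Split paths into (patchable, blocked) before any file is touched.

    blocked maps each flagged path to its flag names, so the caller can
    decide how to react (skip the file, or clear and later restore the flags).
    """
    patchable, blocked = [], {}
    for path in paths:
        # st_flags exists only on BSD-derived systems; treat it as 0 elsewhere.
        flags = getattr(stat_fn(path), "st_flags", 0)
        names = blocking_flags(flags)
        if names:
            blocked[path] = names
        else:
            patchable.append(path)
    return patchable, blocked


if __name__ == "__main__":
    import sys

    ok, flagged = preflight(sys.argv[1:])
    for path, names in flagged.items():
        print(f"{path}: flags {','.join(names)} set, not patched")
    print(f"{len(ok)} file(s) can be patched")
```

This covers only the flag check; the single-user-mode requirement is a separate precondition that the sketch does not test.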