Date: Wed, 05 Feb 1997 17:30:28 +0100
From: Eivind Eklund <eivind@dimaga.com>
To: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij)
Cc: jgreco@solaria.sol.net (Joe Greco), Guido.vanRooij@nl.cis.philips.com, joerg_wunsch@uriah.heep.sax.de, core@freebsd.org, security@freebsd.org, jkh@freebsd.org
Subject: Re: 2.1.6+++: crt0.c CRITICAL CHANGE
Message-ID: <3.0.32.19970205173026.0093c150@dimaga.com>

At 04:01 PM 2/5/97 +0100, Guido van Rooij wrote:
>Joe Greco wrote:
[on binary patching of 2.1.6 binaries]
>> With this, it would be MUCH simpler to release a "security binary kit"
>> upgrade to 2.1.X series systems.
>
>Before everyone starts singing `Hallelujah', let me state first that
>this does not solve everything. At runs a setlocale() itself,

I was unable to find a call to any locale-function in 2.1.6 "at". However, can anybody say crontab? I knew you could. Other programs that might want a patch are csh, expr, diff, tr and cc - all of them might be run as root from a script and get passed locale.

>so it is still vulnerable. Further, it will not solve the problem for ppl
>that actually NEED the locale stuff....

Who needs locales? Is there _anybody_ that uses them? I don't know of anybody that uses them on UNIX, and nobody that would say they need them on any platform.

Eivind Eklund / perhaps@yes.no / http://maybe.yes.no/perhaps/