From owner-freebsd-security Wed Feb 5 09:03:06 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA20784 for security-outgoing; Wed, 5 Feb 1997 09:03:06 -0800 (PST)
Received: from mailserv.tversu.ac.ru (root@mailserv.tversu.ac.ru [193.233.128.3]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id JAA18453; Wed, 5 Feb 1997 09:00:24 -0800 (PST)
Received: from localhost (vadim@localhost) by mailserv.tversu.ac.ru (8.6.12/8.6.12) with SMTP id TAA25626; Wed, 5 Feb 1997 19:55:52 +0300
Date: Wed, 5 Feb 1997 19:55:52 +0300 (MSK)
From: Vadim Kolontsov
To: Guido van Rooij
cc: Joe Greco, joerg_wunsch@uriah.heep.sax.de, core@freebsd.org, security@freebsd.org, jkh@freebsd.org
Subject: Re: 2.1.6+++: crt0.c CRITICAL CHANGE
In-Reply-To: <199702051501.QAA01260@bsd.lss.cp.philips.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 5 Feb 1997, Guido van Rooij wrote:

> > > You can use the lfix program to do so. It was posted by a Russian guy,
> > > whose name I forgot. I added a fix so it can actually do the complete
> > > filesystem in one sweep. Basically it patches the binary to replace
> > > the above call by nop's.
> >
> > PERFECT!!! We have a solution :-) (this was the most worrisome security
> > hole, the smaller ones like talkd could be "patched" much more easily).
>
> Before everyone starts singing `Hallelujah', let me state first that
> this does not solve everything. At runs a setlocale() itself, so
> it is still vulnerable. Further, it will not solve the problem for ppl
> that actually NEED the locale stuff....

Yes, but why not use lfix only for static binaries? I can add a check
for whether a binary is statically or dynamically linked. Also, we can
include a patched and recompiled version of libc in the archive.

Of course, the problem with _static_ binaries which use setlocale()
_by themselves_ still exists... these binaries need recompilation..
any ideas? Are there any such programs in the FreeBSD distribution?

Vadim.
--------------------------------------------------------------------------
Vadim Kolontsov                                        SysAdm/Programmer
Tver Regional Center of New Information Technologies        Networks Lab