Date: Thu, 07 Sep 2000 15:40:03 -0600 From: "Todd C. Miller" <Todd.Miller@courtesan.com> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: Warner Losh <imp@village.org>, "Todd C. Miller" <Todd.Miller@courtesan.com>, Kris Kennaway <kris@FreeBSD.ORG>, "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz>, freebsd-security@FreeBSD.ORG, security-officer@FreeBSD.ORG Subject: Re: UNIX locale format string vulnerability (fwd) Message-ID: <200009072140.e87Le3715994@xerxes.courtesan.com> In-Reply-To: Your message of "Fri, 08 Sep 2000 01:35:57 %2B0400." <20000908013556.A19114@nagual.pp.ru> References: <200009072126.e87LQuE12710@xerxes.courtesan.com> <Pine.BSF.4.21.0009071356030.8316-100000@freefall.freebsd.org> <200009072126.e87LQuE12710@xerxes.courtesan.com> <200009072132.PAA06187@harmony.village.org> <20000908013556.A19114@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20000908013556.A19114@nagual.pp.ru> so spake "Andrey A. Chernov" (ache): > 'sudo' port *must* strip NLSPATH and PATH_LOCALE variables. No other > actions required. That seems pretty reasonable. I'll strip those out of the environment in sudo 1.6.4. - todd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009072140.e87Le3715994>