From owner-freebsd-security Wed Feb 5 13:34:32 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id NAA13482 for security-outgoing; Wed, 5 Feb 1997 13:34:32 -0800 (PST) Received: from root.com (implode.root.com [198.145.90.17]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA13229; Wed, 5 Feb 1997 13:30:24 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by root.com (8.7.6/8.6.5) with SMTP id NAA11127; Wed, 5 Feb 1997 13:28:12 -0800 (PST) Message-Id: <199702052128.NAA11127@root.com> X-Authentication-Warning: implode.root.com: Host localhost [127.0.0.1] didn't use HELO protocol To: Karl Denninger cc: jgreco@solaria.sol.net (Joe Greco), Guido.vanRooij@nl.cis.philips.com, joerg_wunsch@uriah.heep.sax.de, core@freebsd.org, security@freebsd.org, jkh@freebsd.org Subject: Re: 2.1.6+++: crt0.c CRITICAL CHANGE In-reply-to: Your message of "Wed, 05 Feb 1997 12:46:16 CST." <199702051846.MAA08211@Jupiter.Mcs.Net> From: David Greenman Reply-To: dg@root.com Date: Wed, 05 Feb 1997 13:28:11 -0800 Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >I don't have commit access, and won't wait long for those who do to play >with this. If I had it you'd have already seen the commit; I would have >stayed up all night last night to code a REAL fix. Well, I *did* stay up all night working on this and committed a fix. If people BOTHERED to read their commit email, they would have noticed that the call too read PATH_LOCALE was completely and totally REMOVED from the 2.1-stable, 2.2, and -current. (Yes, my capslock works, too). As for the announcement, it's been delayed because of some uncertainty about whether 2.2 through 3.0-SNAP is actually affected since this code: 1) Doesn't call setlocale() from crt0 2) Checks the uid != euid before using the environment PATH_LOCALE We will make an announcement when we have accurate information for people. -DG David Greenman Core-team/Principal Architect, The FreeBSD Project