From owner-freebsd-security Sat Feb 8 23:29:42 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id XAA04124 for security-outgoing; Sat, 8 Feb 1997 23:29:42 -0800 (PST) Received: from enteract.com (root@enteract.com [206.54.252.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id XAA04119 for ; Sat, 8 Feb 1997 23:29:40 -0800 (PST) Received: (from tqbf@localhost) by enteract.com (8.8.5/8.7.6) id BAA19357; Sun, 9 Feb 1997 01:29:15 -0600 (CST) From: "Thomas H. Ptacek" Message-Id: <199702090729.BAA19357@enteract.com> Subject: Re: 2.1.7 To: dg@root.com Date: Sun, 9 Feb 1997 01:28:34 -0600 (CST) Cc: tqbf@enteract.com, sadmin@roundtable.cif.rochester.edu, freebsd-security@freebsd.org Reply-To: tqbf@enteract.com In-Reply-To: <199702090655.WAA07032@root.com> from "David Greenman" at Feb 8, 97 10:55:01 pm X-Mailer: ELM [version 2.4 PL24 ME8a] Content-Type: text Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > crt0 is static and part of every binary. For a second there I thought I was crazy. =) > The real problem is with what crt0 calls - _startup_setlocale() in libc, > which does a getenv of PATH_LOCALE and copies it to a stack buffer without You're right, obviously, the real problem is the locale routines themselves, not the call to them in crt0. Sorry. ---------------- Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com] ---------------- "I'm standing alone, I'm watching you all, I'm seeing you sinking."