From owner-freebsd-security  Mon Feb  3 07:13:42 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id HAA02464
          for security-outgoing; Mon, 3 Feb 1997 07:13:42 -0800 (PST)
Received: from char-star.rdist.org (char-star.rdist.org [206.54.252.22])
          by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id HAA02459
          for <freebsd-security@freebsd.org>; Mon, 3 Feb 1997 07:13:40 -0800 (PST)
From: tqbf@enteract.com
Received: (qmail 2486 invoked by uid 1001); 3 Feb 1997 15:14:28 -0000
Date: 3 Feb 1997 15:14:28 -0000
Message-ID: <19970203151428.2485.qmail@char-star.rdist.org>
To: spork@super-g.com, freebsd-security@freebsd.org
Subject: Re: Critical Security Problem in 4.4BSD crt0 
In-Reply-To: <Pine.BSF.3.95.970203040747.18920A-100000@super-g.inch.com>
Reply-To: tqbf@enteract.com
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In article <Pine.BSF.3.95.970203040747.18920A-100000@super-g.inch.com>, you wrote:
>What would happen if the "safe" 2.2 library were used under 2.1.6?  It
>certainly compiles OK...  Or am I smoking crack here?

The problem is much easier to resolve than that. Just remove locale
processing from crt0.c. A patch has been provided elsewhere. This
shouldn't break anything on most systems.

-- 
----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
exit(main(kfp->kargc, argv, environ));