From owner-freebsd-security  Mon Feb  3 09:04:02 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id JAA08068
          for security-outgoing; Mon, 3 Feb 1997 09:04:02 -0800 (PST)
Received: from chilly-willy.avsi.com ([207.122.107.2])
          by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id JAA08051
          for <freebsd-security@freebsd.org>; Mon, 3 Feb 1997 09:03:55 -0800 (PST)
Received: (qmail 10551 invoked by uid 1111); 3 Feb 1997 17:02:56 -0000
Date: Mon, 3 Feb 1997 12:02:56 -0500 (EST)
From: "Peter C. Norton" <spacey@avsi.com>
To: "Thomas H. Ptacek" <tqbf@enteract.com>
cc: best-of-security@suburbia.net, freebsd-security@freebsd.org
Subject: Re: BoS:  Critical Security Problem in 4.4BSD crt0
In-Reply-To: <199702030554.XAA07517@enteract.com>
Message-ID: <Pine.SGI.3.95.970203120053.10464B-100000@ns1.avsi.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> There is a critically important security problem in FreeBSD 2.1.5's C
> runtime support library that will enable anyone with control of the
> environment of a process to cause it to execute arbitrary code. All
> executable SUID programs on the system are vulnerable to this problem.

It seems that this problem is evident in prior releases of freebsd, at
least as far back as 2.0.5, maybe further.

-Peter