Date: 03 Feb 1997 13:11:36 -0500
From: mycroft@gnu.ai.mit.edu (Charles M. Hannum)
To: tqbf@enteract.com
Cc: bugtraq@netspace.org, freebsd-security@freebsd.org
Subject: Re: Critical Security Problem in 4.4BSD crt0
Message-ID: <c1kd8uh3gkm.fsf@melange.gnu.ai.mit.edu>
In-Reply-To: "Thomas H. Ptacek"'s message of Sun, 2 Feb 1997 23:54:54 -0600 (CST)
References: <199702030554.XAA07517@enteract.com>
"Thomas H. Ptacek" <tqbf@enteract.com> writes:

> The issue is that FreeBSD 2.1.5's crt0.c start() routine, which calls the
> "main()" entry point function in the program that is starting, will under
> some circumstances call routines that set the "locale" of the program. The
> routines that do this are heavily dependent on environment variables,
> which are in some circumstances copied directly into local character
> buffers on the stack of the locale routines.

I'd like to point out that, despite the subject line, this hole has
nothing to do with 4.4BSD; it is specific to FreeBSD, and does *not*
affect other 4.4BSD-derived systems.
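The pattern described in the quoted report (an environment variable copied into a fixed stack buffer), shown here with the length check that prevents the overflow. This is an added example, not code from FreeBSD or from either poster; `safe_locale_name`, `LOCALE_NAME_MAX`, the use of `LANG` and the rejection of path separators are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOCALE_NAME_MAX 32   /* assumed buffer size for this example */

/* Pattern the report describes: a fixed stack buffer filled from the
 * environment with no length check, e.g.
 *     char name[LOCALE_NAME_MAX]; strcpy(name, getenv("LANG"));
 * The environment is controlled by whoever starts the program, so the
 * length has to be checked before any copy. */

/* Copy an environment-supplied locale name into out (outlen bytes).
 * Returns 0 on success, -1 if the value is missing, empty, too long,
 * or contains a path separator. On failure out holds "C". */
int safe_locale_name(const char *value, char *out, size_t outlen)
{
    size_t len;

    if (out == NULL || outlen < 2)
        return -1;
    out[0] = 'C';                          /* safe default locale */
    out[1] = '\0';

    if (value == NULL || value[0] == '\0')
        return -1;
    len = strlen(value);
    if (len >= outlen)                     /* no room for value + NUL */
        return -1;
    if (strchr(value, '/') != NULL)        /* expect a name, not a path */
        return -1;
    memcpy(out, value, len + 1);           /* bounded: len + 1 <= outlen */
    return 0;
}

int main(void)
{
    char name[LOCALE_NAME_MAX];
    int rc = safe_locale_name(getenv("LANG"), name, sizeof name);

    printf("rc=%d locale=%s\n", rc, name);
    return 0;
}
```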