Date:      Thu, 13 Feb 1997 00:36:23 -0800 (PST)
From:      Dmitry Kohmanyuk <dk@dog.farm.org>
To:        dev@trifecta.com (Dev Chanchani)
Cc:        freebsd-security@freebsd.org
Subject:   Re: 2.1.7 
Message-ID:  <199702130836.AAA05430@dog.farm.org>

In article <Pine.BSF.3.91.970209111131.2503B-100000@www.trifecta.com> you wrote:
> >    The real problem is with what crt0 calls - _startup_setlocale() in libc,
> > which does a getenv of PATH_LOCALE and copies it to a stack buffer without
> > bounds checking. I removed the getenv call from the libc code, so this attack
> > simply doesn't exist anymore. Anything that is built shared/dynamic will 
> > get the new libc and thus will no longer be vulnerable.

> I was under the impression that re-building libc would not work because 
> such utilities as ping, at, etc are built statically, thus having the 
> buggy code in the utilities.

Hmm, I have just thought about the following:

in / fs:
    /bin -> /usr/bin
    /sbin -> /usr/sbin
then:
/ fs has /usr with statically-linked /usr/bin and /usr/sbin
/usr fs has /usr/bin and /usr/sbin with dynamically-linked versions of
the same utilities.

this has the advantage of all binaries using dynamic libs when running
multiuser.  The space overhead should be pretty small, and changes to the
source tree pretty simple...   Can be a bit tricky to install, though.
(and doesn't work for those who don't have /usr mounted separately.)

(btw, on my recently compiled 2.2 system, there is 
/usr/sbin/rtquery (dynamic) and /sbin/rtquery (static), 
/usr/sbin/routed (dynamic) and /sbin/routed (static),
/usr/sbin/ipftest and /sbin/ipftest (both dynamic).  )

opinions?

--
"Reality is a poor escapism for people who cannot handle roleplaying"
			    -- toriver@pvv.unit.no (Tor Iver Wilhelmsen)
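The defect the thread describes (a getenv() result copied into a fixed-size stack buffer with no length check, and the fix of not trusting that value) is the pattern below. This is an added illustration, not code from the thread, from FreeBSD's libc or from either poster; the buffer size LOCALE_PATH_MAX and the function names are assumptions, since the thread does not give the real ones. The unbounded variant is kept only for contrast and is never called; the bounded variant refuses anything that does not fit and always leaves the destination NUL-terminated.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-in for the stack buffer size in the real startup code;
 * the thread does not state the actual value. */
#define LOCALE_PATH_MAX 64

/* The pattern described in the thread: environment value copied into a
 * fixed-size buffer with no bounds check. Shown for contrast only; nothing
 * in this file calls it. */
static void copy_locale_path_unbounded(char dst[LOCALE_PATH_MAX])
{
    const char *env = getenv("PATH_LOCALE");
    if (env != NULL)
        strcpy(dst, env);   /* overflows dst if the value is longer than the buffer */
}

/* Hardened variant: an explicit length check before the copy.
 * Returns 0 on success, -1 if value is NULL, -2 if it does not fit in dst.
 * dst is always NUL-terminated on return (empty string on failure). */
int copy_locale_path_bounded(const char *value, char *dst, size_t dstlen)
{
    if (dstlen == 0)
        return -2;
    dst[0] = '\0';
    if (value == NULL)
        return -1;
    size_t n = strnlen(value, dstlen);
    if (n == dstlen)            /* no NUL within dstlen bytes: would not fit */
        return -2;
    memcpy(dst, value, n + 1);  /* n + 1 includes the terminating NUL */
    return 0;
}

/* What a fixed startup routine would do: read the variable, then copy it
 * only through the bounded path. Same return codes as above. */
int load_locale_path_from_env(char *dst, size_t dstlen)
{
    return copy_locale_path_bounded(getenv("PATH_LOCALE"), dst, dstlen);
}

/* Round-trips a value through the bounded copy and reports whether the
 * result is intact: 0 = intact, -3 = corrupted, otherwise the copy's code. */
int bounded_copy_roundtrip(const char *value)
{
    char buf[LOCALE_PATH_MAX];
    int rc = copy_locale_path_bounded(value, buf, sizeof buf);
    if (rc != 0)
        return rc;
    return strcmp(buf, value) == 0 ? 0 : -3;
}

/* Sets PATH_LOCALE to a constructed value and loads it the hardened way. */
int load_from_env_demo(const char *value)
{
    char buf[LOCALE_PATH_MAX];
    if (setenv("PATH_LOCALE", value, 1) != 0)
        return -4;
    return load_locale_path_from_env(buf, sizeof buf);
}

/* Constructed sample value that is longer than the buffer (twice its size). */
const char *overlong_value(void)
{
    static char sample[2 * LOCALE_PATH_MAX];
    memset(sample, 'A', sizeof sample - 1);
    sample[sizeof sample - 1] = '\0';
    return sample;
}

int main(void)
{
    (void)copy_locale_path_unbounded;   /* referenced only to document the contrast */
    printf("short value:    %d\n", bounded_copy_roundtrip("/usr/share/locale"));
    printf("missing value:  %d\n", bounded_copy_roundtrip(NULL));
    printf("overlong value: %d\n", bounded_copy_roundtrip(overlong_value()));
    printf("from env:       %d\n", load_from_env_demo("/usr/share/locale"));
    printf("overlong env:   %d\n", load_from_env_demo(overlong_value()));
    return 0;
}
```

Removing the getenv() call, as the quoted fix did, takes the attacker-controlled input out of the picture entirely; the bounded copy is the general form for code that still has to accept the value.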
