Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 5 Feb 97 8:47:11 CST
From:      Joe Greco <jgreco@solaria.sol.net>
To:        Guido.vanRooij@nl.cis.philips.com (Guido van Rooij)
Cc:        joerg_wunsch@uriah.heep.sax.de, core@freebsd.org, security@freebsd.org, jkh@freebsd.org
Subject:   Re: 2.1.6+++: crt0.c CRITICAL CHANGE
Message-ID:  <199702051447.IAA11557@solaria.sol.net>
In-Reply-To: <199702051105.MAA21662@bsd.lss.cp.philips.com> from "Guido van Rooij" at Feb 5, 97 12:05:13 pm

next in thread | previous in thread | raw e-mail | index | archive | help
> > I thought this has been removed long ago.
> > 
> > Go for it.  It has been found to be a poor concept anyway.
> 
> Yiou can use the lfix program to do so. It was posted by a Russian guy,
> who's name I forgot. I added a fix so it can actually do the complete
> filesystem in one sweep. Basically it patches the binary to replace
> the above call by nop's.

PERFECT!!!  We have a solution  :-)  (this was the most worrisome security
hole, the smaller ones like talkd could be "patched" much more easily).

But could you be a little more vague, please?  Where do I get it from?  :-)

I don't see it on Freefall...  a DejaNews search doesn't turn anything up...
Ah.  I see it on the security list archive.

Jordan: once we have it tested, can we get this posted somewhere and make 
big blinking neon signs that PEOPLE NEED TO RUN THIS?  I'm gonna compile 
it up and try it shortly.

With this, it would be MUCH simpler to release a "security binary kit"
upgrade to 2.1.X series systems.

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator			      jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI			   414/342-4847



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702051447.IAA11557>