Date:      Mon, 03 Feb 1997 03:31:29 -0800
From:      David Greenman <dg@root.com>
To:        tqbf@enteract.com
Cc:        torbjorn@norway.eu.net (Torbjorn Ose), freebsd-security@FreeBSD.ORG
Subject:   Re: Critical Security Problem in 4.4BSD crt0 
Message-ID:  <199702031131.DAA10128@root.com>
In-Reply-To: Your message of "Mon, 03 Feb 1997 04:25:39 CST." <199702031026.EAA19567@enteract.com> 

>> ok, I could be wrong about 2.1.6. Here's the first message I can find that
>
>You are. The problem is "fixed" in -current with patches to setlocale.c
>that check mismatched e/uid and do bounds checking on the string copies,
>but 2.2 doesn't do startup locale processing. 2.1.6 did not resolve this
>problem. 
...
>and anyone with a 2.1.6 installation is vulnerable. The FreeBSD team has
>not made information regarding this problem available to the public,
>although they did silently fix it in -current.

   For the record, the setlocale call from crt0 was removed after a debate
about its architectural [in]correctness and had nothing to do with any
security hole. I'm not aware of any security related fixes to
startup_setrunelocale() in any version of FreeBSD, nor have I seen or
heard (until your report) about any security related problems in any of the
locale code. It sounds like you're suggesting that there was some sort of
coverup, and that simply isn't true.
   Anyway, thank you for finding the problem. It's certainly not the only
security hole in past versions of FreeBSD, but with bug reports like yours
and others, we hope to make FreeBSD more secure in the future.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project
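The two checks the quoted reply attributes to the -current patches (refusing environment-supplied locale data when real and effective ids differ, and bounds checking the string copy) as an added illustration in C; this is constructed example code, not FreeBSD's setlocale.c or startup_setrunelocale(), and LOCALE_NAME_MAX, the function names and the path-separator rule are assumptions.

```c
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical size limit for a locale name (not FreeBSD's real one). */
#define LOCALE_NAME_MAX 32

/* First check: honor environment-supplied locale data only when real and
 * effective ids match, i.e. the process is not running set-id. The ids are
 * passed in so the logic can be exercised without a set-id binary. */
int env_is_trustworthy(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid == euid && rgid == egid;
}

/* Second check: bounded copy of the locale name into a fixed buffer.
 * Returns 0 on success, -1 if the name would not fit (including its NUL)
 * or contains a path separator (constructed rule for this example). */
int copy_locale_name(char *dst, size_t dstsize, const char *src)
{
    size_t n = 0;
    while (n < dstsize && src[n] != '\0') {
        if (src[n] == '/' || src[n] == '\\')
            return -1;
        n++;
    }
    if (n >= dstsize)            /* too long: refuse rather than overflow */
        return -1;
    memcpy(dst, src, n + 1);     /* n + 1 copies the terminating NUL */
    return 0;
}

/* Startup policy: use the environment value only when both checks pass,
 * otherwise fall back to the "C" locale. Returns 0 if the environment value
 * was used, 1 if the fallback applied, -1 if the buffer cannot hold "C". */
int select_startup_locale(char *dst, size_t dstsize, const char *env_value,
                          uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    if (dstsize < 2)
        return -1;
    if (env_is_trustworthy(ruid, euid, rgid, egid) && env_value != NULL &&
        copy_locale_name(dst, dstsize, env_value) == 0)
        return 0;
    dst[0] = 'C';
    dst[1] = '\0';
    return 1;
}
```

A caller in a startup routine would pass getuid(), geteuid(), getgid() and getegid() together with getenv("LANG").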



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702031131.DAA10128>