Date: Mon, 03 Feb 1997 03:31:29 -0800
From: David Greenman <dg@root.com>
To: tqbf@enteract.com
Cc: torbjorn@norway.eu.net (Torbjorn Ose), freebsd-security@FreeBSD.ORG
Subject: Re: Critical Security Problem in 4.4BSD crt0
Message-ID: <199702031131.DAA10128@root.com>
In-Reply-To: Your message of "Mon, 03 Feb 1997 04:25:39 CST." <199702031026.EAA19567@enteract.com>
>> ok, I could be wrong about 2.1.6. Here's the first message I can find that
>
>You are. The problem is "fixed" in -current with patches to setlocale.c
>that check mismatched e/uid and do bounds checking on the string copies,
>but 2.2 doesn't do startup locale processing. 2.1.6 did not resolve this
>problem.
...
>and anyone with a 2.1.6 installation is vulnerable. The FreeBSD team has
>not made information regarding this problem available to the public,
>although they did silently fix it in -current.

   For the record, the setlocale call from crt0 was removed after a debate
about its architectural [in]correctness and had nothing to do with any
security hole. I'm not aware of any security related fixes to
startup_setrunelocale() in any version of FreeBSD, nor have I seen or heard
(until your report) about any security related problems in any of the locale
code. It sounds like you're suggesting that there was some sort of coverup,
and that simply isn't true.

   Anyway, thank you for finding the problem. It's certainly not the only
security hole in past versions of FreeBSD, but with bug reports like yours
and others, we hope to make FreeBSD more secure in the future.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project
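The two mitigations the quoted report attributes to the -current setlocale.c patches, refusing environment-derived locale settings when the real and effective ids differ and bounds-checking the string copy, as an added C example. This is not FreeBSD's setlocale.c or startup_setrunelocale(): the function names, the 32-byte name cap and the allowed character set are assumptions, and it also compares gid/egid, which goes beyond the e/uid check mentioned in the thread.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed cap on a locale name; the real FreeBSD limit is not given in the thread. */
#define LOCALE_NAME_MAX 32

/* A set-id program runs with ids its caller does not have, so anything it
 * reads from the caller's environment must be ignored. */
int privileged_mismatch(uid_t uid, uid_t euid, gid_t gid, gid_t egid)
{
    return uid != euid || gid != egid;
}

/* Copy an environment-supplied locale name into a fixed buffer.
 * Rejects NULL or empty names, names that would not fit (no silent
 * truncation) and any character outside [A-Za-z0-9_.@-], so the name
 * can never carry a path component. Returns 0 on success, -1 on rejection. */
int copy_locale_name(const char *value, char *out, size_t outlen)
{
    if (value == NULL || out == NULL || outlen == 0)
        return -1;
    const char *nul = memchr(value, '\0', outlen); /* never read past outlen */
    if (nul == NULL || nul == value)               /* too long, or empty */
        return -1;
    size_t len = (size_t)(nul - value);
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)value[i];
        if (!(isalnum(c) || c == '_' || c == '.' || c == '@' || c == '-'))
            return -1;
    }
    memcpy(out, value, len + 1);                   /* len + 1 <= outlen, includes NUL */
    return 0;
}

/* Startup-time selection: returns 0 with the name in out, or -1 meaning
 * "use the C locale", the safe default for a privileged process. */
int select_startup_locale(const char *lang_env, uid_t uid, uid_t euid,
                          gid_t gid, gid_t egid, char *out, size_t outlen)
{
    if (privileged_mismatch(uid, euid, gid, egid))
        return -1;
    return copy_locale_name(lang_env, out, outlen);
}
```

A startup routine would call select_startup_locale() with getenv("LANG") and the live getuid()/geteuid()/getgid()/getegid() values and fall back to the C locale on -1.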