Date: Wed, 5 Feb 97 9:15:15 CST From: Joe Greco <jgreco@solaria.sol.net> To: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij) Cc: Guido.vanRooij@nl.cis.philips.com, joerg_wunsch@uriah.heep.sax.de, core@freebsd.org, security@freebsd.org, jkh@freebsd.org Subject: Re: 2.1.6+++: crt0.c CRITICAL CHANGE Message-ID: <199702051515.JAA11822@solaria.sol.net> In-Reply-To: <199702051501.QAA01260@bsd.lss.cp.philips.com> from "Guido van Rooij" at Feb 5, 97 04:01:18 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > With this, it would be MUCH simpler to release a "security binary kit" > > upgrade to 2.1.X series systems. > > Before everyone starts singing `Halleluia', let me state first that > this does not solve everything. At runs a setlocale() itsself, so > it is still vulnerable. Further, It will not solve the problem for ppl > that actually NEED the locale stuff.... The locale stuff appears to have been removed from 2.2's crt0.c as well, I don't know anything more about what was done, but it seems to me that that suggests that it is not mandatory for use of the locale stuff. The comments suggested that it was an easy way to try to locale-ize the entire system. It should not, I would think, preclude the use of the locale code, but then again, I am only very mildly familiar with that stuff. ... Joe ------------------------------------------------------------------------------- Joe Greco - Systems Administrator jgreco@ns.sol.net Solaria Public Access UNIX - Milwaukee, WI 414/342-4847
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702051515.JAA11822>