Date: Fri, 8 Sep 2000 01:35:57 +0400 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Warner Losh <imp@village.org> Cc: "Todd C. Miller" <Todd.Miller@courtesan.com>, Kris Kennaway <kris@FreeBSD.ORG>, "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz>, freebsd-security@FreeBSD.ORG, security-officer@FreeBSD.ORG, millert@openbsd.org Subject: Re: UNIX locale format string vulnerability (fwd) Message-ID: <20000908013556.A19114@nagual.pp.ru> In-Reply-To: <200009072132.PAA06187@harmony.village.org>; from imp@village.org on Thu, Sep 07, 2000 at 03:32:56PM -0600 References: <200009072126.e87LQuE12710@xerxes.courtesan.com> <Pine.BSF.4.21.0009071356030.8316-100000@freefall.freebsd.org> <200009072126.e87LQuE12710@xerxes.courtesan.com> <200009072132.PAA06187@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Sep 07, 2000 at 03:32:56PM -0600, Warner Losh wrote: > : How is this a sudo problem? Do you expect sudo to strip away the NLS > : env vars for you? This would not be unprecedented, as sudo already > : strips out LD_* and friends but breaking locales seems a bit dodgy. > : > : As I haven't seen the entire thread I'm clearly missing some info... > > That's why I asked for more specific details... So far I've not seen > any. > > He's basically worried that someone could use the LC_* variables to > exploit bugs in the locale code's lack of checking of %n arguments. 'sudo' port *must* strip NLSPATH and PATH_LOCALE variables. No other actions required. -- Andrey A. Chernov <ache@nagual.pp.ru> http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000908013556.A19114>