Date: Thu, 6 Feb 1997 09:53:28 +0300 (MSK) From: Vadim Kolontsov <vadim@tversu.ac.ru> To: freebsd-security@freebsd.org Subject: summury: holes in locale Message-ID: <Pine.NEB.3.95.970206093031.25582B-100000@mailserv.tversu.ac.ru> In-Reply-To: <E0vsKIm-0002zi-00@rover.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello,
the summary about patchkit.
Patchkit must understand all versions of FreeBSD, and make a correct
changes in the system. It must contain:
1) corrected /usr/lib/libc.a, libc.so.*
2) corrected /usr/lib/crt0.o
3) lfix, which patches statically linked binaries (why to
patch dinamically linked bins? we already fixed this bug placing patched
libc in /usr/lib, isn't it?)
4) some script, which can make all modification automatically; it must
check if we are working in single-user mode (to avoid problem with
running binaries)
5) good README
My part of project: lfix/ltest. I have to make changes in it, because at
this time lfix/ltest tested only on FreeBSD 2.1.0 (by me). Also checking
for static/dyn linking can be added.. and chflag handling..
I still don't know what we need to do with statically linked binaries
which calls locale stuff by itself.. may be we can patch libc, contained
in binary (pattern search for _startup_locale code etc)?... of course,
recompiling is the solution...
Anybody knows, how many statically linked setuid binaries call locale
routines by itself? (not by their C startup module) May be, we can include
corrected (recompiled) versions of them into the patchkit?.. For all
versions of FreeBSD?
Any ideas, suggestions, volunteers?..
Best regards, Vadim.
--------------------------------------------------------------------------
Vadim Kolontsov SysAdm/Programmer
Tver Regional Center of New Information Technologies Networks Lab
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.95.970206093031.25582B-100000>