Bugtraq mailing list archives
Re: Critical Security Problem in 4.4BSD crt0
From: mycroft () GNU AI MIT EDU (Charles M. Hannum)
Date: Mon, 3 Feb 1997 13:11:36 -0500
"Thomas H. Ptacek" <tqbf () enteract com> writes:
> The issue is that FreeBSD 2.1.5's crt0.c start() routine, which calls the "main()" entry point function in the program that is starting, will under some circumstances call routines that set the "locale" of the program. The routines that do this are heavily dependent on environment variables, which are in some circumstances copied directly into local character buffers on the stack of the locale routines.
I'd like to point out that, despite the subject line, this hole has nothing to do with 4.4BSD; it is specific to FreeBSD, and does *not* affect other 4.4BSD-derived systems.
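
The quoted report describes environment variables being copied straight into fixed-size stack buffers. The following is an added example, not code from this thread or from FreeBSD, showing a bounded copy that rejects an oversized value instead of overflowing or truncating; the names `copy_locale_name`, `select_locale`, `LOCALE_NAME_MAX` and the choice of `LANG` as the variable are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOCALE_NAME_MAX 32   /* assumed buffer size, for illustration only */

/* The pattern the quoted report describes, kept only as a comment:
 *     char name[LOCALE_NAME_MAX];
 *     strcpy(name, getenv("LANG"));   // length is controlled by the caller's environment
 */

/* Hypothetical helper: copy a locale name taken from the environment into a
 * fixed-size buffer. Returns 0 on success, -1 if the value is missing, empty,
 * or would not fit. An oversized value is rejected, never truncated. */
int copy_locale_name(const char *value, char *dst, size_t dstlen)
{
    size_t n;

    if (value == NULL || dst == NULL || dstlen == 0)
        return -1;
    /* Measure the input, but never look further than the buffer could hold. */
    for (n = 0; n < dstlen && value[n] != '\0'; n++)
        ;
    if (n == 0 || n >= dstlen) {   /* empty, or no room for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, value, n + 1);     /* n + 1 <= dstlen, terminator included */
    return 0;
}

/* Hypothetical startup step: use the environment's locale name when it is
 * acceptable, otherwise fall back to the default "C" locale. */
const char *select_locale(const char *env_value, char *buf, size_t buflen)
{
    if (copy_locale_name(env_value, buf, buflen) != 0)
        return "C";
    return buf;
}

int main(void)
{
    char name[LOCALE_NAME_MAX];

    printf("%s\n", select_locale(getenv("LANG"), name, sizeof name));
    return 0;
}
```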