[3992] in bugtraq
Re: Critical Security Problem in 4.4BSD crt0
daemon@ATHENA.MIT.EDU (Dan Cross)
Mon Feb 3 10:36:50 1997
Date: Mon, 3 Feb 1997 02:48:34 -0500
Reply-To: Dan Cross <tenser@SPITFIRE.ECSEL.PSU.EDU>
From: Dan Cross <tenser@SPITFIRE.ECSEL.PSU.EDU>
X-To: Security Administrator <sadmin@roundtable.cif.rochester.edu>
To: BUGTRAQ@netspace.org
In-Reply-To: Your message of "Mon, 03 Feb 1997 02:06:55 EST."
<199702030706.CAA07764@roundtable.cif.rochester.edu>
> Question: Does this problem in 2.1.5 appear in 2.1.6 or 2.1.6.1? Since the
> libraries are similar, my guess without comparing code is that the bug
> is there.
Yes, the bug does indeed appear in 2.1.6, at least. Here's an untested
patch which SHOULD fix the problem, though:
----- Begin startup_setlocale.diff
*** startup_setlocale.c 1997/02/03 07:40:46 1.1
--- startup_setlocale.c 1997/02/03 07:41:47
***************
*** 174,183 ****
return(0);
}
! (void) strcpy(name, PathLocale);
! (void) strcat(name, "/");
! (void) strcat(name, encoding);
! (void) strcat(name, "/LC_CTYPE");
if ((fp = fopen(name, "r")) == NULL)
return(ENOENT);
--- 174,181 ----
return(0);
}
! (void) snprintf(name,
! PATH_MAX, "%s/%s/LC_CTYPE", PathLocale, encoding);
if ((fp = fopen(name, "r")) == NULL)
return(ENOENT);
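Review bot: The snprintf call in the replacement lines (174-181) discards its return value with the (void) cast, so an over-long PathLocale or encoding is silently truncated, and the fopen that follows opens whatever path the truncated string happens to name. Compare the return value against the buffer size and return an error (for example ENAMETOOLONG) before reaching fopen. The size argument is also the constant PATH_MAX rather than sizeof(name); the declaration of name is not visible in this hunk, so confirm the buffer really is at least PATH_MAX bytes, or pass sizeof(name) if name is an array.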
----- End of startup_setlocale.diff
Note that there might be more problems, but I haven't got the time
to test for them right now. :-(
- Dan C.