[3993] in bugtraq

Re: [H-BUGTRAQ] Critical Security Problem in 4.4BSD crt0

daemon@ATHENA.MIT.EDU (A Bruce in the land of the Bruces)
Mon Feb 3 11:18:04 1997

Date: 	Fri, 3 Feb 1995 19:54:55 +1000
Reply-To: A Bruce in the land of the Bruces <brucec@HUMBUG.ORG.AU>
From: A Bruce in the land of the Bruces <brucec@HUMBUG.ORG.AU>
X-To:         "Thomas H. Ptacek" <tqbf@enteract.com>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199702030554.XAA07517@enteract.com>

On Sun, 2 Feb 1997, Thomas H. Ptacek wrote:

> There is a critically important security problem in FreeBSD 2.1.5's C
> runtime support library that will enable anyone with control of the
> environment of a process to cause it to execute arbitrary code. All
> executable SUID programs on the system are vulnerable to this problem.
>
> On FreeBSD 2.1.5, startup locale processing is enabled by setting the
> environment variable "ENABLE_STARTUP_LOCALE". "startup_setrunelocale()" is
> called if the environment variable "LC_CTYPE" is set as well.

Quick fix (for shell users), 'declare -r' all suspect environment
variables to safe values in the system startup files for the shell.

--==--
Bruce.

A cynic is a person searching for an honest man, with a stolen lantern.
                -- Edgar A. Shoaff