mailing list archives
Re: [H-BUGTRAQ] Critical Security Problem in 4.4BSD crt0
From: brucec () HUMBUG ORG AU (A Bruce in the land of the Bruces)
Date: Fri, 3 Feb 1995 19:54:55 +1000
On Sun, 2 Feb 1997, Thomas H. Ptacek wrote:
There is a critically important security problem in FreeBSD 2.1.5's C
runtime support library that will enable anyone with control of the
environment of a process to cause it to execute arbitrary code. All
executable SUID programs on the system are vulnerable to this problem.
On FreeBSD 2.1.5, startup locale processing is enabled by setting the
environment variable "ENABLE_STARTUP_LOCALE". "startup_setrunelocale()" is
called if the environment variable "LC_CTYPE" is set as well.
Quick fix (for shell users), 'declare -r' all suspect environment
variables to safe values in the system startup files for the shell.
A cynic is a person searching for an honest man, with a stolen lantern.
-- Edgar A. Shoaff