mailing list archives
Re: Critical Security Problem in 4.4BSD crt0
From: mycroft () GNU AI MIT EDU (Charles M. Hannum)
Date: Mon, 3 Feb 1997 13:11:36 -0500
"Thomas H. Ptacek" <tqbf () enteract com> writes:
The issue is that FreeBSD 2.1.5's crt0.c start() routine, which calls the
"main()" entry point function in the program that is starting, will under
some circumstances call routines that set the "locale" of the program. The
routines that do this are heavily dependant on environment variables,
which are in some circumstances copied directly into local character
buffers on the stack of the locale routines.
I'd like to point out that, despite the subject line, this hole has
nothing to do with 4.4BSD; it is specific to FreeBSD, and does *not*
affect other 4.4BSD-derived systems.