Date: Wed, 5 Feb 97 8:47:11 CST From: Joe Greco <jgreco@solaria.sol.net> To: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij) Cc: joerg_wunsch@uriah.heep.sax.de, core@freebsd.org, security@freebsd.org, jkh@freebsd.org Subject: Re: 2.1.6+++: crt0.c CRITICAL CHANGE Message-ID: <199702051447.IAA11557@solaria.sol.net> In-Reply-To: <199702051105.MAA21662@bsd.lss.cp.philips.com> from "Guido van Rooij" at Feb 5, 97 12:05:13 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > I thought this has been removed long ago. > > > > Go for it. It has been found to be a poor concept anyway. > > Yiou can use the lfix program to do so. It was posted by a Russian guy, > who's name I forgot. I added a fix so it can actually do the complete > filesystem in one sweep. Basically it patches the binary to replace > the above call by nop's. PERFECT!!! We have a solution :-) (this was the most worrisome security hole, the smaller ones like talkd could be "patched" much more easily). But could you be a little more vague, please? Where do I get it from? :-) I don't see it on Freefall... a DejaNews search doesn't turn anything up... Ah. I see it on the security list archive. Jordan: once we have it tested, can we get this posted somewhere and make big blinking neon signs that PEOPLE NEED TO RUN THIS? I'm gonna compile it up and try it shortly. With this, it would be MUCH simpler to release a "security binary kit" upgrade to 2.1.X series systems. ... Joe ------------------------------------------------------------------------------- Joe Greco - Systems Administrator jgreco@ns.sol.net Solaria Public Access UNIX - Milwaukee, WI 414/342-4847
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702051447.IAA11557>