From owner-freebsd-questions Mon Feb 24 10:34:31 1997
Message-Id: <199702241834.LAA27569@fluffy.aros.net>
To: Nik Clayton
cc: questions@freebsd.org
Subject: Re: Netscape static binaries - security hole?
In-reply-to: Your message of "Sat, 22 Feb 1997 22:41:56 GMT." <19970222224156.22114@coconut.blueberry.co.uk>
Date: Mon, 24 Feb 1997 11:34:23 -0700
From: Dave Andersen
Sender: owner-questions@freebsd.org

You run netscape setuid? (%!?)

If you do, you have far larger worries than the setlocale() bug. :>

Don't run it setuid, and then don't worry about it.

-Dave

> I'm working my way through my recently-upgraded-to-2.1.7 system, recompiling
> all the static binaries, when I come across the Netscape browser, which
> is (naturally) statically linked.
>
> Does anyone know if this (and other binaries running under BSDI
> compatibility) are vulnerable to the setlocale() hole?
>
> Cheers,