[J. Wunsch: hey (fwd)]
eggert at twinsun.com
Fri Jan 10 23:38:45 UTC 1997
Date: Fri, 10 Jan 1997 14:19:50 -0500
From: Roland McGrath <roland at frob.com>
> I can think of a third way to combat that problem: make the code that reads
> the data files robust, so it checks for invalid data and makes sure it can
> never crash due to bogus data.
That is the best way, and in fact the tz code is supposed to do that
already. I just took a quick look and I couldn't see any holes in its
checking, though I didn't look that carefully. The original bug
report is too sketchy to see what the problem might be. I could not
reproduce it with the elsie localtime.c under Solaris 2.5.1.
Perhaps the problem is in the FreeBSD edition rather than the elsie
code? I just compared their localtime.c implementations (using
FreeBSD-current), and the only differences that I see are:
* The FreeBSD edition has mutexes to support reentrant variants
* The FreeBSD edition refuses to read a timezone file if it is
not a regular file. (I don't know why this restriction is
* The FreeBSD edition is missing a fix for the Posix case.
Perhaps the bug is in the FreeBSD mutex handling. For example,
gmtload is sometimes protected by gmt_mutex, and sometimes by
lcl_mutex; this sounds odd to me, but I don't understand FreeBSD
mutexes so I could just be misunderstanding things.
Perhaps the elsie version should add support for localtime_r and
friends; this might help avoid future bugs in this area. localtime_r
is now officially part of Posix, after all.
From: Adam Kubicki <mikee at solozzo.tele.pw.edu.pl>
Date: Thu, 09 Jan 1997 23:02:44 MET
> And, setting TZ to /etc/master.passwd you will find whole master.passwd
> in core file (touch login.core first to fool default umask/owner core
I presume that /etc/master.password is not supposed to be readable to
ordinary users. That's odd. In both elsie tz and FreeBSD-current,
tzload uses access() as well as open() to check whether the file is
readable. There is of course a window of vulnerability here, but it
doesn't sound like Kubicki is trying to exploit it.
Perhaps he's using some other implementation of localtime?
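The two hazards the thread touches, an access()-then-open() check that does not bind to what is actually read, and a privileged program letting TZ name an arbitrary file, shown side by side in an added example. This is not code from the tz project, from FreeBSD, or from any of the writers above; the set-id gate on TZ names, the O_NOFOLLOW flag, the post-open fstat() and the "TZif" magic check are this example's own choices, and the /tmp sample files it writes are constructed inputs.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum { TZ_OK = 0, TZ_ERR_NAME = -1, TZ_ERR_OPEN = -2, TZ_ERR_NOTREG = -3, TZ_ERR_HDR = -4 };

/* A TZif file starts with a 44-byte header: "TZif", version, 15 reserved
   bytes, six 32-bit counts.  Only the magic is checked here. */
#define TZ_HDR_LEN 44

/* Constructed minimal TZif header (version '2', all counts zero). */
const unsigned char sample_tzif[TZ_HDR_LEN] = { 'T', 'Z', 'i', 'f', '2' };

/* True when the process holds privileges its invoking user does not have. */
int running_setid(void)
{
    return geteuid() != getuid() || getegid() != getgid();
}

/* Policy for a TZ value.  Unprivileged: anything goes, the user can already
   read whatever open() lets them read.  Set-id: only names relative to the
   zoneinfo tree, so TZ cannot be pointed at /etc/master.passwd or similar. */
int tz_name_allowed(const char *name, int setid)
{
    if (name == NULL || *name == '\0')
        return 0;
    if (!setid)
        return 1;
    if (name[0] == '/')
        return 0;
    /* Reject any ".." path component, leading, embedded or trailing. */
    for (const char *p = name; *p != '\0'; p++) {
        if (p[0] == '.' && p[1] == '.' && (p == name || p[-1] == '/') &&
            (p[2] == '\0' || p[2] == '/'))
            return 0;
    }
    return 1;
}

/* The 1997 pattern: a check on the path name, then a separate open().  The
   object behind the name can be swapped between the two calls, so the check
   says nothing about what is actually read.  Shown for contrast only. */
int tz_open_racy(const char *name)
{
    if (access(name, R_OK) != 0)
        return TZ_ERR_OPEN;
    return open(name, O_RDONLY);
}

/* Hardened open: gate the name, then check the descriptor that was really
   opened (type and header), so a swapped-in file is still rejected. */
int tz_open_checked(const char *name, int setid, int *fd_out)
{
    struct stat st;
    unsigned char hdr[TZ_HDR_LEN];

    if (!tz_name_allowed(name, setid))
        return TZ_ERR_NAME;
    /* O_NOFOLLOW refuses a symlink as the final component; the set-id gate
       above is what stops a relative name from escaping the zone tree. */
    int fd = open(name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return TZ_ERR_OPEN;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return TZ_ERR_NOTREG;
    }
    if (read(fd, hdr, TZ_HDR_LEN) != TZ_HDR_LEN || memcmp(hdr, "TZif", 4) != 0) {
        close(fd);          /* a password file never passes this check */
        return TZ_ERR_HDR;
    }
    lseek(fd, 0, SEEK_SET); /* hand back a descriptor positioned at the start */
    *fd_out = fd;
    return TZ_OK;
}

/* Write constructed bytes to a fresh file under /tmp; returns 0 on success. */
int write_temp_file(const void *data, size_t len, char *path, size_t pathlen)
{
    const char tmpl[] = "/tmp/tzexample.XXXXXX";
    if (pathlen < sizeof tmpl)
        return -1;
    memcpy(path, tmpl, sizeof tmpl);
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (write(fd, data, len) != (ssize_t)len) {
        close(fd);
        unlink(path);
        return -1;
    }
    close(fd);
    return 0;
}

int main(void)
{
    char good[64], bad[64];
    const char *fake_passwd = "root:*:0:0::/root:/bin/sh\n"; /* constructed line */
    int fd = -1, setid = running_setid();

    if (write_temp_file(sample_tzif, TZ_HDR_LEN, good, sizeof good) != 0 ||
        write_temp_file(fake_passwd, strlen(fake_passwd), bad, sizeof bad) != 0)
        return 1;
    printf("zoneinfo file            -> %d\n", tz_open_checked(good, setid, &fd));
    if (fd >= 0) close(fd);
    printf("passwd-style file        -> %d\n", tz_open_checked(bad, setid, &fd));
    printf("set-id, absolute TZ name -> %d\n", tz_open_checked(good, 1, &fd));
    printf("directory                -> %d\n", tz_open_checked("/", setid, &fd));
    unlink(good);
    unlink(bad);
    return 0;
}
```

The ordering matters: the name policy runs before open(), and every other check runs on the descriptor after open(), so nothing depends on a path lookup that could be re-pointed in between. A program that is not set-id gets the permissive policy, which matches what the thread observes: access() already reflects the real user's rights, so the only interesting case is a privileged caller such as login.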