Re: libc patch (resolver)
I'm wondering if the kernel needs to be rebuilt after rebuilding libc.
Anyone know?
Thanks,
-Joe Kellner
----- Original Message -----
From: "Rémi Guyomarch" <rguyom@pobox.com>
To: <misc@openbsd.org>
Sent: Thursday, June 27, 2002 12:15 AM
Subject: Re: libc patch (resolver)
> On Wed, Jun 26, 2002 at 10:05:59PM -0500, C. Bensend wrote:
> > Hey folks,
> >
> > I'm just catching up on the bazillion and five
> > security-related emails lately, and I saw the announcement of
> > the libc vulnerability.
> >
> > -> As I understand it <- , this vulnerability affects many
> > (if not all) of the binaries in /bin and /sbin. If I am incorrect,
> > please feel free to correct me in a constructive way - I have read
> > nothing that suggests otherwise.
> >
> > My question: is there a simpler way of rebuilding all of
> > the binaries that have been statically compiled, short of an ugly
> > 'find /usr/src ...'
>
> in addition to all /bin and /sbin :
>
> find /usr/bin /usr/sbin /usr/X11R6 /usr/games /usr/mdec /usr/libexec \
> /usr/share /usr/local -type f -and \
> \( -perm -o+x -or -perm -g+x -or -perm -u+x \) | \
> xargs file | egrep -vw "dynamically linked|text|library"
>
> (not sure if we should also rebuild static libraries ...)
>
> which gives me on a 3.1 box :
>
> /usr/bin/encrypt: OpenBSD/i386 demand paged executable
> /usr/bin/gunzip: OpenBSD/i386 demand paged executable
> /usr/bin/gzcat: OpenBSD/i386 demand paged executable
> /usr/bin/gzip: OpenBSD/i386 demand paged executable
> /usr/bin/kdump: OpenBSD/i386 demand paged executable
> /usr/bin/ktrace: OpenBSD/i386 demand paged executable
> /usr/sbin/chroot: OpenBSD/i386 demand paged executable
> /usr/sbin/pwd_mkdb: OpenBSD/i386 demand paged executable
> /usr/mdec/biosboot: OpenBSD/i386 object file not stripped
> /usr/mdec/boot: OpenBSD/i386 demand paged executable
> /usr/mdec/installboot: OpenBSD/i386 demand paged executable
> /usr/mdec/mbr: data
> /usr/libexec/makekey: OpenBSD/i386 demand paged executable
> /usr/local/bin/bash: OpenBSD/i386 demand paged executable
>
> > script to find all of the statically compiled
> > binaries, and recompile them (after the resolver patch has been
> > applied)?
>
> cd /usr/src && make build ?
>
> > I have installed the patch, now I'm worried about the
> > last two lines of the patch intro:
> >
> > "Note that programs that are linked statically will not pick up
> > the change unless they are rebuilt. This includes the contents of /bin
> > and /sbin."
>
> This also means that certain ports should also be rebuilt. For
> example, but not limited to, any static shell you may have.
>
> --
> Rémi
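
Added example (not part of the original thread): a filter over `file` output that reduces the listing quoted above to a rebuild list of likely statically linked executables. It keeps the three exclusions from the posted egrep and, as an assumption of this example, also requires the word "executable" so that entries such as "data" and "object file" drop out; the last two sample lines and their paths are constructed.

```shell
#!/bin/sh
# Read `file`-style lines ("path: description") on stdin and print the
# paths that look like statically linked executables.
static_candidates() {
    awk '{
        i = index($0, ": ")
        if (i == 0) next                      # not a "path: description" line
        path = substr($0, 1, i - 1)
        desc = substr($0, i + 2)
        # Assumption of this example: only entries that file calls
        # "executable" are rebuild candidates (drops "data", "object file").
        if (desc !~ /executable/) next
        # Same exclusions as the egrep -vw in the quoted command.
        if (desc ~ /dynamically linked/) next
        if (desc ~ /(^|[^A-Za-z])(text|library)([^A-Za-z]|$)/) next
        print path
    }'
}

# Sample input: the first four lines are from the listing in the thread,
# the last two are constructed to exercise the exclusions.
sample_file_output() {
    cat <<'EOF'
/usr/bin/gzip: OpenBSD/i386 demand paged executable
/usr/sbin/chroot: OpenBSD/i386 demand paged executable
/usr/mdec/biosboot: OpenBSD/i386 object file not stripped
/usr/mdec/mbr: data
/usr/local/bin/example-dyn: OpenBSD/i386 demand paged dynamically linked executable
/usr/local/bin/example.sh: Bourne shell script text executable
EOF
}

sample_file_output | static_candidates
```

On a live system the function takes the output of the quoted `find ... | xargs file` pipeline on stdin in place of the sample.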