Date: Wed, 26 Mar 2003 08:02:04 -0600 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: "Jeremy C. Reed" <reed@reedmedia.net> Cc: freebsd-security@FREEBSD.ORG Subject: Re: what actually uses xdr_mem.c? Message-ID: <20030326140204.GC33671@madman.celabo.org> In-Reply-To: <Pine.LNX.4.43.0303252144400.21019-100000@pilchuck.reedmedia.net> References: <Pine.LNX.4.43.0303252144400.21019-100000@pilchuck.reedmedia.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Mar 25, 2003 at 10:11:46PM -0800, Jeremy C. Reed wrote: > In regards to FreeBSD-SA-03:05.xdr, does anyone know which static binaries > or tools under /bin or /sbin actually use that problem code? > > The recent XDR fixes the xdrmem_getlong_aligned(), > xdrmem_putlong_aligned(), xdrmem_getlong_unaligned(), > xdrmem_putlong_unaligned(), xdrmem_getbytes(), and/or xdrmem_putbytes() > functions, but it is difficult to know what uses these (going backwards > manually). You'll never find it starting with those :-) Rather, look for uses of xdrmem_create. [...] > Is the XDR only used for RPC related tools? (Or is it is used as a generic > portable binary data format used with all libc?) Well, not _only_ for RPC, but certainly RPC is the big consumer. Almost any RPC application will also be using an xdrmem stream. Depending upon the data types marshalled through the stream, one of the affected routines may be called. Other applications could also use XDR directly, such as to serialize data for storage. I don't think this is very common. > With some other libc security issues (such as with resolver), you can > easily know which tools use that code. > > The various XDR-related advisories are vague and don't really mention what > can be effected by this issue. > > (For last summer's xdr issue, it was suggested (for Solaris) that the > Desktop Management Interface service daemon and Calendar Manager service > daemon be disabled.) > > Jeremy C. Reed > http://bsd.reedmedia.net/ > > p.s. I provide binary updates for customers; and for most issues I don't > want to provide binaries that are not effected. Have a look at Colin Percival's binary updates stuff. He believes he has overcome these issues. Also, one can pull out the `relevant' ELF sections, and compare those for a pretty good picture. You could use objcopy. I've used libelf to do the same. Cheers, -- Jacques A. Vidrine <nectar@celabo.org> http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030326140204.GC33671>