Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 18 Mar 2001 15:27:31 +0100 (CET)
From:      Martin Blapp <mb@imp.ch>
To:        audit@freebsd.org
Cc:        alfred@freebsd.org
Subject:   audit of tirpc code
Message-ID:  <Pine.BSF.4.21.0103180240120.6501-100000@levais.imp.ch>
next in thread | raw e-mail | index | archive | help 

Hi,

As you know I did the tirpc port from NetBSD to FreeBSD. I tried to
integrate all known bugs and security issues from Open-/Net-/FreeBSD
into this FreeBSD tirpc and there are a lot of bugs fixed there.

So can anybody who fixed a security bug in portmapper or rpc
look at this diff and check if there are similar conditions ?
I tried to do that carefully, hand have fixed a lot of them.

I'm asking for a carefully audit, but I think we should integrate the
code now into CURRENT and upgrade it then to the latest version. What
do you think ?

Two commits are missing, I'd like to integrate them if you think they
are necessary (code is still the same in tirpc1999):

http://www.FreeBSD.org/cgi/cvsweb.cgi/src/lib/libc/rpc/svc.c.diff?r1=1.6&r2=1.7
http://www.FreeBSD.org/cgi/cvsweb.cgi/src/lib/libc/rpc/svc.c.diff?r1=1.12&r2=1.13

Included in the 1,3 MB big patch are:

- tirpc2.3 (and parts from 2.0 and tirpc1999)
  I've planed to slowly upgrade the code to
  tirpc1999 which is available under SunOS OSS license.

- nfs utilities converted to ipv6 and lot of bugfixes
  ifor nfsd(8) and umount(8).

- fixes to rpc userland code.

You can find the diff on:

http://www.attic.ch/tirpc.html
http://home.teleport.ch/freebsd/tirpc-20010318.diff
http://home.teleport.ch/freebsd/tirpc-20010318.diff.tgz

Martin

Martin Blapp, mb@imp.ch
------------------------------------------------
Improware AG, UNIX solution and service provider
Zurlindenstrasse 29, 4133 Pratteln, Switzerland
Phone: +41 79 370 26 05, Fax: +41 61 826 93 01
------------------------------------------------



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0103180240120.6501-100000>