Date:      Sun, 13 Sep 1998 19:45:41 -0400 (EDT)
From:      Brian Feldman <green@unixhelp.org>
To:        Chuck Robey <chuckr@mat.net>
Cc:        William Woods <wwoods@cybcon.com>, FreebSD Current <freebsd-current@FreeBSD.ORG>
Subject:   Re: ssh port problem.....
Message-ID:  <Pine.BSF.4.02.9809131938470.21069-100000@zone.syracuse.net>
In-Reply-To: <Pine.BSF.4.02A.9809131243570.343-200000@picnic.mat.net>

You see, I have to make an assumption as to what is happening since I
don't have too much info. The most possible cases I could think of
would have been:
	* new includes but old libraries
	* includes from, say, BIND 8.1.2 which would mung up your defines
of the inet_* et al
	* libc being found and picked up by the linking process when it
shouldn't have been/where it shouldn't have been (i.e. a libc in
/usr/whatever/lib that shouldn't be there)
The first is a problem I most recently found on a -STABLE system with bind
8.1.2 installed to /usr/local, so I suggested that this be the first thing
to check. You never specified if this was -STABLE or -CURRENT (should be
-CURRENT but you know, some people like to post weird stuff about bugs in
say 2.1.7 to freebsd-current). If -STABLE, the inet_* symbols would not
have changed, so the BIND includes could mess the functions up. If
-CURRENT, the inet_* symbols wouldn't have been changed until a few
months ago, so new includes and an old libc could be the problem. Please
try and post more relevant information about your environment.


Cheers,
Brian Feldman


On Sun, 13 Sep 1998, Chuck Robey wrote:

> On Sun, 13 Sep 1998, Brian Feldman wrote:
> 
> > Look in /usr/local/include. Delete /usr/local/include/arpa/inet.h et al.
> 
> No, Brian, I don't think that's the answer.  I have an answer, but only
> a security person could tell me if it's ok.  Let me describe the
> problem (I left in the fault listing, or at least enough of it so you
> can check me).
> 
> The problem is, for the gmp and z libs, those are system libs, but the
> lib callouts for them assume that they aren't system libs.  The
> difference is that you use a -L switch for non-system libs, to tell the
> compiler where to look for them.  You *don't* do that for system libs,
> the system does that.  This is most especially critically important for
> FreeBSD-current, where the lib situation is (shall we say) a little
> muddy right now.  Those -L/usr/lib switches have to go away.  They're
> encapsulated in the patch-ac.  I included a new patch-ac with a couple
> of small edits to take the -L's out of libz and libgmp.
> 
> Doing this, tho, I think might have some impact on security.  I don't
> know what it is.  I hope maybe someone who knows security might comment.
> Don't have to know ports, just tell me if the concept is good or bad, or
> what other solution _would_ be PC for a security-type application.
> 
> > Cheers,
> > Brian Feldman
> > 
> > On Sat, 12 Sep 1998, William Woods wrote:
> > 
> > > OK, I just installed rsaref from the ports using make OBJFORMAT=aout and that
> > > worked fine, but when I do a make OBJFORMAT=aout for ssh I get the following...
> > > 
> > > -------------------------------------------------------------
> > > rm -f ssh
> > > cc -pipe -Lrsaref2/source -L/usr/local/lib -o ssh ssh.o sshconnect.o
> > > log-client.o readconf.o hostfile.o readpass.o  tildexpand.o clientloop.o
> > > canohost.o  idea.o  rsa.o randoms.o md5.o buffer.o emulate.o packet.o compress.o
> > > xmalloc.o ttymodes.o newchannels.o bufaux.o authfd.o authfile.o
> > > crc32.o rsaglue.o cipher.o des.o match.o arcfour.o mpaux.o  userfile.o signals.o
> > > blowfish.o deattack.o   -L/usr/lib -lgmp -L/usr/lib -lz -lwrap
> > > -lrsaref -lcrypt -L/usr/local/lib  -lutil
> > > sshconnect.o: Undefined symbol `___inet_addr' referenced from text segment
> > > sshconnect.o: Undefined symbol `___inet_ntoa' referenced from text segment
> > > sshconnect.o: Undefined symbol `___inet_ntoa' referenced from text segment
> > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment
> > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment
> > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment
> > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment
> > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment
> > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment
> > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment
> > > newchannels.o: Undefined symbol `___inet_addr' referenced from text segment
> > > newchannels.o: Undefined symbol `___inet_addr' referenced from text segment
> > > newchannels.o: Undefined symbol `___inet_addr' referenced from text segment
> > > *** Error code 1
> > > 
> > > Stop.
> > > --------------------------------------------------------
> > > 
> > > Any ideas here folks?
> 
> ----------------------------+-----------------------------------------------
> Chuck Robey                 | Interests include any kind of voice or data 
> chuckr@glue.umd.edu         | communications topic, C programming, and Unix.
> 213 Lakeside Drive Apt T-1  |
> Greenbelt, MD 20770         | I run Journey2 and picnic (FreeBSD-current)
> (301) 220-2114              | and jaunt (NetBSD).
> ----------------------------+-----------------------------------------------
> 
> 
> 
> 
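
The search-order cases discussed in this thread (a library copy sitting in a non-system directory, and explicit -L/usr/lib switches on the link line), as an added example that is not part of the original messages: the script reports which directory each -l library on the quoted link line would be taken from and which other copies that choice shadows. The function names, the optional root argument and the /usr/lib default directory are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): report which directory each -l library
# resolves from and which later copies that choice shadows.
# Assumptions: all -L directories are searched in command-line order before the
# default directory (GNU ld's documented rule); the default is /usr/lib.
SYS_LIBDIRS="/usr/lib"
# The thread's failing link line, object list shortened, wrapped flags rejoined.
LINK_CMD='cc -pipe -Lrsaref2/source -L/usr/local/lib -o ssh ssh.o sshconnect.o -L/usr/lib -lgmp -L/usr/lib -lz -lwrap -lrsaref -lcrypt -L/usr/local/lib -lutil'

# flag_values <-L|-l> "<link command>": flag values in order, de-duplicated.
flag_values() {
    for tok in $2; do
        case "$tok" in
            "$1"?*) printf '%s\n' "${tok#"$1"}" ;;
        esac
    done | awk '!seen[$0]++'
}

# dirs_holding <root> <lib> <dir>...: each directory holding lib<lib>.a or
# lib<lib>.so*, in search order. <root> is prefixed to absolute directories so
# a staged tree can be inspected; pass "" for the live system.
dirs_holding() {
    root=$1; lib=$2; shift 2
    for d in "$@"; do
        case "$d" in /*) p="$root$d" ;; *) p="$d" ;; esac
        for f in "$p"/lib"$lib".a "$p"/lib"$lib".so*; do
            if [ -e "$f" ]; then printf '%s\n' "$d"; break; fi
        done
    done
}

# shadow_report "<link command>" [root]: "<lib>: <dir used>[ shadows <dir>...]"
shadow_report() {
    ldirs=$(flag_values -L "$1"); libs=$(flag_values -l "$1"); rt=${2:-}
    for l in $libs; do
        set -- $(dirs_holding "$rt" "$l" $ldirs $SYS_LIBDIRS | awk '!seen[$0]++')
        if [ $# -eq 0 ]; then continue; fi      # not found in any listed dir
        used=$1; shift
        if [ $# -gt 0 ]; then echo "$l: $used shadows $*"
        else echo "$l: $used"; fi
    done
}

# Usage on a live system: shadow_report "$LINK_CMD"
```

A line containing "shadows" means the copy in the first directory is linked in place of the later one, so the file that wins should be checked for where it came from.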

