Date: Sun, 13 Sep 1998 21:24:50 -0400 (EDT)
From: Chuck Robey <chuckr@mat.net>
To: Brian Feldman <green@unixhelp.org>
Cc: William Woods <wwoods@cybcon.com>, FreebSD Current <freebsd-current@FreeBSD.ORG>
Subject: Re: ssh port problem.....
Message-ID: <Pine.BSF.4.02A.9809132118380.343-100000@picnic.mat.net>
In-Reply-To: <Pine.BSF.4.02.9809131938470.21069-100000@zone.syracuse.net>

On Sun, 13 Sep 1998, Brian Feldman wrote:

> You see, I have to make an assumption as to what is happening since I
> don't have too much info. The most possible cases I could think of
> would have been:
>   * new includes but old libraries
>   * includes from, say, BIND 8.1.2 which would mung up your defines
>     of the inet_* et al
>   * libc being found and picked up by the linking process when it
>     shouldn't have been/ where it shouldn't have been (i.e. a libc in
>     /usr/whatever/lib that shouldn't be there)
> The first is a problem I most recently found on a -STABLE system with bind
> 8.1.2 installed to /usr/local, so I suggested that this be the first thing
> to check. You never specified if this was -STABLE or -CURRENT (should be

Original post, Brian, specified OBJFORMAT. That exists _only_ on
current. Besides that, this problem has already been reported nearly a
dozen times. Search the mail archives for ssh and inet_ntoa, you'll
find them. I finally tired of waiting for the maintainer to fix it,
which is why I went out of my way (a security thing is, to me, out of my
way) to try to fix this thing for good. The patch involved is already
committed, once I got the idea reviewed by a couple guys who _do_ know
security, I put it in.

> -CURRENT but you know, some people like to post weird stuff about bugs in
> say 2.1.7 to freebsd-current). If -STABLE, the inet_* symbols would not
> have changed, so the BIND includes could mess the functions up. If
> -CURRENT, the inet_* symbols wouldn't have been changed until a few
> months ago, so new includes and an old libc could be the problem. Please
> try and post more relevant information about your environment.
>
> Cheers,
> Brian Feldman
>
> On Sun, 13 Sep 1998, Chuck Robey wrote:
>
> > On Sun, 13 Sep 1998, Brian Feldman wrote:
> >
> > > Look in /usr/local/include. Delete /usr/local/include/arpa/inet.h et al.
> >
> > No, Brian, I don't think that's the answer. I have an answer, but only
> > a security person could tell me if it's ok. Let me describe the
> > problem (I left in the fault listing, or at least enough of it so you
> > can check me).
> >
> > The problem is, for the gmp and z libs, those are system libs, but the
> > lib callouts for them assume that they aren't system libs. The
> > difference is that you use a -L switch for non-system libs, to tell the
> > compiler where to look for them. You *don't* do that for system libs,
> > the system does that. This is most especially critically important for
> > FreeBSD-current, where the lib situation is (shall we say) a little
> > muddy right now. Those -L/usr/lib switches have to go away. They're
> > encapsulated in the patch-ac. I included a new patch-ac with a couple
> > of small edits to take the -L's out of libz and libgmp.
> >
> > Doing this, tho, I think might have some impact on security. I don't
> > know what it is. I hope maybe someone who knows security might comment.
> > Don't have to know ports, just tell me if the concept is good or bad, or
> > what other solution _would_ be PC for a security-type application.
> >
> > > Cheers,
> > > Brian Feldman
> > >
> > > On Sat, 12 Sep 1998, William Woods wrote:
> > >
> > > > OK, I just installed rsaref from the ports using make OBJFORMAT=aout and that
> > > > worked fine, but when I do a make OBJFORMAT=aout for ssh I get the following...
> > > >
> > > > -------------------------------------------------------------
> > > > rm -f ssh
> > > > cc -pipe -Lrsaref2/source -L/usr/local/lib -o ssh ssh.o sshconnect.o
> > > > log-client.o readconf.o hostfile.o readpass.o tildexpand.o clientloop.o can
> > > > ohost.o idea.o rsa.o randoms.o md5.o buffer.o emulate.o packet.o compress.o
> > > > xmalloc.o ttymodes.o newchannels.o bufaux.o authfd.o authfile.o c
> > > > rc32.o rsaglue.o cipher.o des.o match.o arcfour.o mpaux.o userfile.o signals.o
> > > > blowfish.o deattack.o -L/usr/lib -lgmp -L/usr/lib -lz -lwrap -l
> > > > rsaref -lcrypt -L/usr/local/lib -lutil
> > > > sshconnect.o: Undefined symbol `___inet_addr' referenced from text segment
> > > > sshconnect.o: Undefined symbol `___inet_ntoa' referenced from text segment
> > > > sshconnect.o: Undefined symbol `___inet_ntoa' referenced from text segment
> > > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment
> > > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment
> > > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment
> > > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment
> > > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment
> > > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment
> > > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment
> > > > newchannels.o: Undefined symbol `___inet_addr' referenced from text segment
> > > > newchannels.o: Undefined symbol `___inet_addr' referenced from text segment
> > > > newchannels.o: Undefined symbol `___inet_addr' referenced from text segment
> > > > *** Error code 1
> > > >
> > > > Stop.
> > > > --------------------------------------------------------
> > > >
> > > > Any ideas here folks ?
> >

----------------------------+-----------------------------------------------
Chuck Robey                 | Interests include any kind of voice or data
chuckr@glue.umd.edu         | communications topic, C programming, and Unix.
213 Lakeside Drive Apt T-1  |
Greenbelt, MD 20770         | I run Journey2 and picnic (FreeBSD-current)
(301) 220-2114              | and jaunt (NetBSD).
----------------------------+-----------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
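
Added example, not part of the original messages or of the ssh port: a shell audit of the -L options in the failing link command quoted in this thread, plus the command rebuilt without the -L/usr/lib switches. It assumes GNU ld semantics (every -L applies to every -l, searched in command-line order before the default directories); SYSTEM_DIRS and the function names are hypothetical.

```shell
# Constructed input: the cc command from the build log in this thread, with the
# object list cut down to ssh.o and the wrapped "-l rsaref" rejoined.
LINK_LINE='cc -pipe -Lrsaref2/source -L/usr/local/lib -o ssh ssh.o -L/usr/lib -lgmp -L/usr/lib -lz -lwrap -lrsaref -lcrypt -L/usr/local/lib -lutil'
# Assumption: directories the linker searches without being told to.
SYSTEM_DIRS="/lib /usr/lib"

# Print the -L directories in command-line order ("-Ldir" and "-L dir").
link_search_order() (
    set -f; want_dir=0
    for arg in $1; do
        if [ "$want_dir" -eq 1 ]; then echo "$arg"; want_dir=0; continue; fi
        case $arg in
            -L)  want_dir=1 ;;
            -L*) echo "${arg#-L}" ;;
        esac
    done
)

# Flag explicit system directories, relative directories and repeats.
audit_link_line() {
    seen=" "
    link_search_order "$1" | while read -r dir; do
        case $seen in
            *" $dir "*) echo "duplicate:$dir"; continue ;;
        esac
        seen="$seen$dir "
        for sys in $SYSTEM_DIRS; do
            if [ "$dir" = "$sys" ]; then echo "system:$dir"; fi
        done
        case $dir in /*) ;; *) echo "relative:$dir" ;; esac
    done
}

# Rebuild the command without -L options that name a system directory,
# the kind of edit the thread describes for libz and libgmp.
strip_system_dirs() (
    set -f; out=""
    for arg in $1; do
        drop=0
        for sys in $SYSTEM_DIRS; do
            if [ "$arg" = "-L$sys" ]; then drop=1; fi
        done
        if [ "$drop" -eq 0 ]; then out="$out${out:+ }$arg"; fi
    done
    echo "$out"
)

audit_link_line "$LINK_LINE"
strip_system_dirs "$LINK_LINE"
```

The search order it prints puts /usr/local/lib ahead of /usr/lib, so under the stated assumption a library of the same name in /usr/local/lib would be linked in preference to the system one.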