Date: Wed, 26 Jun 2002 21:21:10 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.ORG> To: Mark Hartley <mark@work.drapple.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv Message-ID: <Pine.NEB.3.96L.1020626211921.17483G-100000@fledge.watson.org> In-Reply-To: <XFMail.020626181430.mark@work.drapple.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 26 Jun 2002, Mark Hartley wrote:
> I figured the reboot of the whole system I did (after going through the
> whole build and install of kernel & world), should have taken care of
> making sure any dynamically linked stuff is using the new & improved
> libc.
>
> So far I've only found a few apps that didn't get rebuilt that appear to
> be statically linked, and most of them are Kerberos tools (not sure why
> they weren't rebuilt with world), but I don't use Kerberos or run any
> Kerberos services. So far, it appears that a cvsup and rebuild of world
> is all that I'm going to need to do.
If you ended up with Kerberos installed somehow, it was probably an
accidental flip of a switch in sysinstall. I make a habit of walking
{/bin,/sbin,/usr/bin,/usr/sbin,/usr/libexec} after each installworld and
trimming old and unused binaries. Especially for things like UUCP in
-CURRENT, where the software presents some risk, and isn't going to get
automatically garbage collected by the install process. I'd go through
and check all the file modification dates in your binary directories and
trim things you know you don't need just to reduce the chances of
something slipping through the cracks. (Watch out not to delete old
symlinks -- unlike binaries, their timestamps aren't updated during the
install if they are still needed).
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org Network Associates Laboratories
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1020626211921.17483G-100000>