From owner-freebsd-security Wed Jun 26 16:42:38 2002
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [63.229.157.2]) by hub.freebsd.org (Postfix) with ESMTP id CC7DE37B7DE for ; Wed, 26 Jun 2002 16:10:19 -0700 (PDT)
Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id PAA15615; Wed, 26 Jun 2002 15:18:13 -0600 (MDT)
X-message-flag: Warning! Use of Microsoft Outlook is dangerous and makes your system susceptible to Internet worms.
Message-Id: <4.3.2.7.2.20020626151157.02193340@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Wed, 26 Jun 2002 15:17:59 -0600
To: "H. Wade Minter"
From: Brett Glass
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv
Cc: freebsd-security@freebsd.org
In-Reply-To: <20020626164206.P57680-100000@bunning.skiltech.com>
References: <4.3.2.7.2.20020626143023.022716c0@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

At 02:42 PM 6/26/2002, H. Wade Minter wrote:

>I wouldn't think that ports or packages that don't statically link a
>resolver would need to be recompiled.

The way I read it, if they link statically to libc and use the resolution code there, they can be hit.

But, again, it may be possible to defuse the bug without tearing the whole system apart. After all, if resolv.conf points the query at a locally running copy of, say, BIND or djbdns, and the daemon blocks the exploit, you're safe. Same if you query a domain name server (on the same host or not) and *it* blocks the exploit.

So, fixing the problem might be as simple as turning on named and modifying resolv.conf. The announcement didn't mention this as a possible workaround. Would it work?
--Brett Glass