From owner-freebsd-security@FreeBSD.ORG Wed Mar 26 06:15:39 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2A88437B404 for ; Wed, 26 Mar 2003 06:15:39 -0800 (PST) Received: from bodb.mc.mpls.visi.com (bodb.mc.mpls.visi.com [208.42.156.104]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B2FC43F75 for ; Wed, 26 Mar 2003 06:15:38 -0800 (PST) (envelope-from hawkeyd@visi.com) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by bodb.mc.mpls.visi.com (Postfix) with ESMTP id DA29E4C82; Wed, 26 Mar 2003 08:15:37 -0600 (CST) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id h2QEFbc17852; Wed, 26 Mar 2003 08:15:37 -0600 (CST) (envelope-from hawkeyd) Date: Wed, 26 Mar 2003 08:15:37 -0600 From: D J Hawkey Jr To: Uros Juvan Message-ID: <20030326081537.C17610@sheol.localdomain> References: <20030326102057.GC657@zi025.glhnet.mhn.de> <20030326061041.A17052@sheol.localdomain> <20030326130056.GD657@zi025.glhnet.mhn.de> <20030326071637.A17385@sheol.localdomain> <3E81AF6C.3060705@arnes.si> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3E81AF6C.3060705@arnes.si>; from uros.juvan@arnes.si on Wed, Mar 26, 2003 at 02:47:24PM +0100 X-Spam-Status: No, hits=-31.0 required=5.0 tests=AWL,EMAIL_ATTRIBUTION,IN_REP_TO,QUOTED_EMAIL_TEXT, RCVD_IN_UNCONFIRMED_DSBL,REFERENCES,REPLY_WITH_QUOTES, USER_AGENT_MUTT autolearn=ham version=2.50 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp) cc: security at FreeBSD Subject: Re: what actually uses xdr_mem.c? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: hawkeyd@visi.com List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Mar 2003 14:15:40 -0000 On Mar 26, at 02:47 PM, Uros Juvan wrote: > > Idea is cool, but it just won't work on staticaly linked files, you can > test this with: > > # readelf -a /bin/ls Oh, man! It seems as though my command requires that a statically-linked binary has "relocation sections" (whatever they are), at the very least. > I don't think there is 100% way of telling whether staticaly linked file > is linked against vulnerable xdr_mem.o, especially because obviously > rcsid string is undefined in source file. > Exept of course searching for machine bytes composing vulnerable code :) It appears that you're correct. Bummer for me, as I've put out that command a couple of times now. I _hate_ looking stupid in public, especially when I think I've done something really smart. :-( > Regards, > Uros Juvan Thanks for hitting me with the Clue Stick. I'll shut up now. Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/