From owner-freebsd-security  Wed Jun 26 18:30:31 2002
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id 4087C37D61E
	for <freebsd-security@freebsd.org>; Wed, 26 Jun 2002 17:54:36 -0700 (PDT)
Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.12.3/8.12.3) with SMTP id g5R0sYw6019435;
	Wed, 26 Jun 2002 20:54:34 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Wed, 26 Jun 2002 20:54:34 -0400 (EDT)
From: Robert Watson <rwatson@freebsd.org>
X-Sender: robert@fledge.watson.org
To: Henk Wevers <henk@wevers.org>
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv
In-Reply-To: <3D1A3153.6000704@wevers.org>
Message-ID: <Pine.NEB.3.96L.1020626205223.17483B-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


On Wed, 26 Jun 2002, Henk Wevers wrote:

> Does this mean that if you just build OpenSSH 3.4.p1, you must build
> this again with the new world? 

If the OpenSSH binaries are dynamically linked against the version of libc
you are replacing, you don't need to rebuild OpenSSH, since it will just
automatically pick up the change.  Do make sure you restart the sshd
process after the upgrade, however, or it could use a cached copy of the
library in memory (as with any other binary).  While you can do all this
without reboots, the best way the guarantee the instances of the library
have been replaced is to reboot.  Yeah, I know that's the evil windows
thing, but it will work.  The other way to do this is to track down any
executing binary that might have linked/dynamically linked against the old
version of the library, and make sure it's restarted using a rebuilt
version of the application. 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message