From owner-freebsd-security Wed Jun 26 18:41:55 2002 Delivered-To: freebsd-security@freebsd.org Received: from hyperreal.org (taz3.hyperreal.org [209.133.83.22]) by hub.freebsd.org (Postfix) with SMTP id 9E3CA37D986 for ; Wed, 26 Jun 2002 18:06:48 -0700 (PDT) Received: (qmail 27133 invoked from network); 27 Jun 2002 01:06:46 -0000 Received: from localhost.hyperreal.org (HELO yez.hyperreal.org) (127.0.0.1) by localhost.hyperreal.org with SMTP; 27 Jun 2002 01:06:46 -0000 Received: (qmail 25709 invoked by uid 1000); 27 Jun 2002 01:08:45 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 27 Jun 2002 01:08:45 -0000 Date: Wed, 26 Jun 2002 18:08:45 -0700 (PDT) From: Brian Behlendorf To: Brett Glass Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv In-Reply-To: <4.3.2.7.2.20020626143023.022716c0@localhost> Message-ID: <20020626180540.G310-100000@yez.hyperreal.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: localhost.hyperreal.org 1.6.2 900/1000/N Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 26 Jun 2002, Brett Glass wrote: > At 01:26 PM 6/26/2002, H. Wade Minter wrote: > > >So am I correct in assuming that this fix requires a complete system > >rebuild (make buildworld) as opposed to just rebuilding a particular > >module? > > Worse than that. Every package or port must be reinstalled > or rebuilt too. Ditto everything you've built from source. > Basically, the entire system must be ripped up by the roots. Not as I understand it. It's just those programs that statically link in libc at compile time. And if you rebuild world, you only have to worry about packages/ports. After running file on every third-party executable on a couple systems I manage, only a few turned up as possible candidates; rebuilding them was pretty straightforward, except for bash2 and rpm whose ports don't appear to compile currently. I simply ran: find /usr/local/ -exec file \{\} \; | fgrep static to narrow down the search. Add other dirs you may install software in. Brian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message