From owner-freebsd-security  Wed Jun 26 18:43:56 2002
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id E8B0C37B4AD
	for <freebsd-security@FreeBSD.ORG>; Wed, 26 Jun 2002 18:21:12 -0700 (PDT)
Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.12.3/8.12.3) with SMTP id g5R1LBw6019650;
	Wed, 26 Jun 2002 21:21:11 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Wed, 26 Jun 2002 21:21:10 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.ORG>
X-Sender: robert@fledge.watson.org
To: Mark Hartley <mark@work.drapple.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv
In-Reply-To: <XFMail.020626181430.mark@work.drapple.com>
Message-ID: <Pine.NEB.3.96L.1020626211921.17483G-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


On Wed, 26 Jun 2002, Mark Hartley wrote:

> I figured the reboot of the whole system I did (after going through the
> whole build and install of kernel & world), should have taken care of
> making sure any dynamically linked stuff is using the new & improved
> libc. 
> 
> So far I've only found a few apps that didn't get rebuilt that appear to
> be statically linked, and most of them are Kerberos tools (not sure why
> they weren't rebuilt with world), but I don't use Kerberos or run any
> Kerberos services.  So far, it appears that a cvsup and rebuild of world
> is all that I'm going to need to do. 

If you ended up with Kerberos installed somehow, it was probably an
accidental flip of a switch in sysinstall.  I make a habit of walking
{/bin,/sbin,/usr/bin,/usr/sbin,/usr/libexec} after each installworld and
trimming old and unused binaries.  Especially for things like UUCP in
-CURRENT, where the software presents some risk, and isn't going to get
automatically garbage collected by the install process.  I'd go through
and check all the file modification dates in your binary directories and
trim things you know you don't need just to reduce the chances of
something slipping through the cracks.  (Watch out not to delete old
symlinks -- unlike binaries, their timestamps aren't updated during the
install if they are still needed). 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message