From owner-freebsd-security Wed Jun 26 18:44:57 2002
Date: Wed, 26 Jun 2002 20:56:51 -0400 (EDT)
From: Robert Watson
To: Mark Hartley
Cc: freebsd-security@FreeBSD.ORG, "H. Wade Minter"
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv

On Wed, 26 Jun 2002, Mark Hartley wrote:

> Are there other common applications (not rebuilt by the world) that many
> of us are likely to be running which are going to need to be rebuilt
> (i.e. Apache, pop3 servers, db servers, etc)?
>
> I'm not really sure how to even know if an application would be
> statically linked against libc. Maybe someone with a clue could post
> some instructions on how to check out if an app is statically linked
> against libc, then we could test our own apps and rebuild as needed.
> Anyone have an easy way that we can tell?

I just sent out some instructions in another mail, but the basic gist is
that you run the 'file' command on the binaries you're worried about, and
make sure they are dynamically linked. If the binary is statically linked,
or it's dynamically linked against an older libc, it will need to be
rebuilt. Assuming they dynamically link against the current (fixed)
version of the libc library, then restarting the application without
rebuilding should be sufficient.

Note that if the daemon is actually *running* when you replace libc,
you'll need to restart it so it picks up the new library version. It does
no good to replace the daemon on disk, but have the running version be the
old one.

Let me know if you have any questions.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories
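The 'file' check described in the message above, as an added example that is not part of the original mail: it walks the directories given as arguments, runs file(1) on each executable, and reports whether it is statically or dynamically linked. The function names and the sample output lines are constructed for illustration; it does not check which libc version a dynamic binary links against.

```shell
#!/bin/sh
# Added example: find statically linked executables with file(1).
# Function names are hypothetical; they are not from the advisory.

# Classify one line of file(1) output as static, dynamic or other.
classify_file_output() {
    case "$1" in
        *"statically linked"*|*"static-pie linked"*) echo static ;;
        *"dynamically linked"*)                      echo dynamic ;;
        *)                                           echo other ;;
    esac
}

# Walk the given directories and print "<linkage><TAB><path>" for every
# executable that file(1) identifies as linked one way or the other.
scan_dirs() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -perm -0100 2>/dev/null |
        while IFS= read -r bin; do
            # -b drops the file name, so a path cannot confuse the match.
            kind=$(classify_file_output "$(file -b "$bin")")
            [ "$kind" = other ] || printf '%s\t%s\n' "$kind" "$bin"
        done
    done
}

if [ "$#" -gt 0 ]; then
    # Real use: sh check_static.sh /usr/local/sbin /usr/local/libexec
    scan_dirs "$@"
else
    # No arguments: classify two constructed sample lines instead.
    for sample in \
        'ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), statically linked, stripped' \
        'ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), dynamically linked (uses shared libs), stripped'
    do
        printf '%s\t%s\n' "$(classify_file_output "$sample")" "$sample"
    done
fi
```

Entries reported as static need a rebuild against the fixed libc; entries reported as dynamic still need the running process restarted after libc is replaced.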