From owner-freebsd-security@FreeBSD.ORG Mon Aug 4 16:01:41 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0AFDF37B401; Mon, 4 Aug 2003 16:01:41 -0700 (PDT) Received: from pd5mo1so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 30E0543FAF; Mon, 4 Aug 2003 16:01:40 -0700 (PDT) (envelope-from colin.percival@wadham.ox.ac.uk) Received: from pd6mr2so.prod.shaw.ca (pd6mr2so-qfe3.prod.shaw.ca [10.0.141.217]) by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003)) with ESMTP id <0HJ400EHRAMRDQ@l-daemon>; Mon, 04 Aug 2003 17:01:39 -0600 (MDT) Received: from pn2ml5so.prod.shaw.ca (pn2ml5so-qfe0.prod.shaw.ca [10.0.121.149]) by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003)) with ESMTP id <0HJ400FSBAMRXB@l-daemon>; Mon, 04 Aug 2003 17:01:39 -0600 (MDT) Received: from piii600.wadham.ox.ac.uk (h24-87-233-42.vc.shawcable.net [24.87.233.42])2003)) with ESMTP id <0HJ40010TAMP0W@l-daemon>; Mon, 04 Aug 2003 17:01:39 -0600 (MDT) Date: Mon, 04 Aug 2003 16:01:34 -0700 From: Colin Percival In-reply-to: <5.0.2.1.1.20030804004417.02bcc920@popserver.sfu.ca> X-Sender: cperciva@popserver.sfu.ca To: freebsd-security@freebsd.org Message-id: <5.0.2.1.1.20030804044235.02bce1f0@popserver.sfu.ca> MIME-version: 1.0 X-Mailer: QUALCOMM Windows Eudora Version 5.0.2 Content-type: text/plain; charset=us-ascii; format=flowed Content-transfer-encoding: 7BIT References: <200308040004.h7404VVL030671@freefall.freebsd.org> cc: "Jacques A. Vidrine" Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Aug 2003 23:01:41 -0000 At 00:54 04/08/2003 -0700, I wrote: > Once the binary updates are available, FreeBSD Update >(security/freebsd-update in the ports tree) will be able to fetch and >install them; I'll send another email to this list after they've been >built, signed, and uploaded. Binary patches can now be installed via FreeBSD Update for any systems with a binary install of 4.7-RELEASE or 4.8-RELEASE which have not have any system binaries rebuilt or replaced locally (except by FreeBSD Update). With a recent copy of the ports tree: 1. cd /usr/ports/security/freebsd-update/ && make all install 2. cp /usr/local/etc/freebsd-update.conf.sample /usr/local/etc/freebsd-update.conf 3. /usr/local/sbin/freebsd-update fetch 4. /usr/local/sbin/freebsd-update install In FreeBSD 4.7, the following binaries were affected by this security advisory: /bin/mv /bin/pwd /bin/realpath /sbin/kldconfig /sbin/mount /sbin/mount_cd9660 /sbin/mount_ext2fs /sbin/mount_fdesc /sbin/mount_kernfs /sbin/mount_linprocfs /sbin/mount_mfs /sbin/mount_msdos /sbin/mount_nfs /sbin/mount_ntfs /sbin/mount_null /sbin/mount_nwfs /sbin/mount_portal /sbin/mount_procfs /sbin/mount_smbfs /sbin/mount_std /sbin/mount_umap /sbin/mount_union /sbin/mountd /sbin/newfs /sbin/umount /usr/bin/make /usr/lib/libc.a /usr/lib/libc.so.4 /usr/lib/libc_p.a /usr/lib/libc_pic.a /usr/lib/libc_r.a /usr/lib/libc_r.so.4 /usr/lib/libc_r_p.a /usr/libexec/lukemftpd /usr/libexec/sftp-server /usr/sbin/config /usr/sbin/pkg_add /usr/sbin/sshd In FreeBSD 4.8, the same binaries were affected, with the exception of /sbin/mount_kernfs (no longer installed), /usr/bin/make (no longer uses realpath), and /usr/libexec/lukemftpd (no longer installed). Colin Percival