Date:      Thu, 27 Jun 2002 12:43:23 -0400 (EDT)
From:      "H. Wade Minter" <minter@lunenburg.org>
To:        Brett Glass <brett@lariat.org>
Cc:        bright@mu.org, <odela01@ca.com>, <freebsd-security@freebsd.org>
Subject:   Re: resolv and dynamic linking to compat libc
Message-ID:  <20020627124102.V92880-100000@bunning.skiltech.com>
In-Reply-To: <200206271617.KAA04440@lariat.org>

On Thu, 27 Jun 2002, Brett Glass wrote:

> Last night, I saw an attempted attack that may have been an attempt to
> subvert a build of Apache 2.0.39 built with the buggy libc. Apache had spawned
> dozens of child processes, which all hung (they were trying to double-free
> memory) and the server was completely locked up. As far as I can tell, the
> intruder didn't make it in but did manage to mess up Apache's unprivileged
> child processes -- a first step.

My version of apache from ports seems to dynamically link libc.so.4, not
statically, which would indicate to me that it would pick up a rebuilt
patched libc, and wouldn't need to be rebuilt itself.

bash-2.05a# ldd /usr/local/sbin/httpd
/usr/local/sbin/httpd:
        libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x280a9000)
        libmm.so.11 => /usr/local/lib/libmm.so.11 (0x280c2000)
        libc.so.4 => /usr/lib/libc.so.4 (0x280c6000)
bash-2.05a#

Anyone care to confirm/deny that?  I scanned for statically linked
binaries in /usr/local/bin, and only found a couple (mostly shells), so I
rebuilt those.

--Wade

-- 
'I say to you that the VCR is to the American film producer and the American
public as the Boston strangler is to the woman home alone.'
      Jack Valenti on VCRs, 1982

'It's getting clear -- alarmingly clear, I might add -- that we are in the
midst of the possibility of Armageddon.'
      Jack Valenti on the Internet, 2002

http://www.digitalconsumer.org/
http://digitalspeech.org/
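
Added example (not part of the original message): one way to automate the scan for statically linked binaries described above, by checking each ELF file for a PT_INTERP program header instead of reading ldd output by eye. It goes slightly beyond the message by also handling 64-bit and big-endian ELF; the function names and the make_elf32 sample builder are hypothetical.

```python
import os
import struct

ET_EXEC, PT_INTERP = 2, 3  # constants from the ELF specification

def elf_linkage(data):
    """Classify raw file bytes: 'dynamic', 'static', 'other', or None if not ELF."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return None
    end = "<" if data[5] == 1 else ">"            # EI_DATA: 1 = little-endian
    try:
        e_type, = struct.unpack_from(end + "H", data, 16)
        if data[4] == 2:                          # EI_CLASS 2 = ELF64
            phoff, = struct.unpack_from(end + "Q", data, 32)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        else:                                     # ELF32, e.g. FreeBSD/i386
            phoff, = struct.unpack_from(end + "I", data, 28)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        # p_type is the first 32-bit field of every program header
        types = [struct.unpack_from(end + "I", data, phoff + i * phentsize)[0]
                 for i in range(phnum)]
    except struct.error:                          # truncated or corrupt headers
        return None
    if PT_INTERP in types:                        # asks for the runtime linker
        return "dynamic"
    # ET_EXEC with no interpreter has its library code linked into the file
    return "static" if e_type == ET_EXEC else "other"

def find_static(directory):
    """Return sorted paths of statically linked executables in directory."""
    hits = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        try:
            if os.path.isfile(path):
                with open(path, "rb") as fh:
                    if elf_linkage(fh.read()) == "static":
                        hits.append(path)
        except OSError:                           # unreadable file: skip it
            continue
    return hits

def make_elf32(ptypes, e_type=ET_EXEC):
    """Constructed sample: minimal little-endian ELF32 image with given p_types."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHIIIIIHHHHHH", e_type, 3, 1, 0, 52, 0, 0,
                      52, 32, len(ptypes), 0, 0, 0)
    return ident + hdr + b"".join(struct.pack("<I", t) + bytes(28) for t in ptypes)

if __name__ == "__main__":
    print(elf_linkage(make_elf32([1, 1])), elf_linkage(make_elf32([6, 3, 1, 2])))
```

Files reported by find_static are the ones that keep their own copy of the old library code and have to be rebuilt; a result of "other" (shared object or position-independent image without an interpreter) needs a manual look.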

