From owner-freebsd-security Thu Jun 27 9:43:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from bunning.skiltech.com (bunning.skiltech.com [216.235.79.240]) by hub.freebsd.org (Postfix) with ESMTP id 3C19237B400 for ; Thu, 27 Jun 2002 09:43:28 -0700 (PDT) Received: (from root@localhost) by bunning.skiltech.com (8.12.3/8.11.6) id g5RGhQkN093520; Thu, 27 Jun 2002 12:43:26 -0400 (EDT) (envelope-from minter@bunning.skiltech.com) Received: from bunning.skiltech.com (localhost [127.0.0.1]) by bunning.skiltech.com (8.12.3/8.12.3) with ESMTP id g5RGhNgh093509 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Thu, 27 Jun 2002 12:43:24 -0400 (EDT) (envelope-from minter@bunning.skiltech.com) Received: (from minter@localhost) by bunning.skiltech.com (8.12.3/8.12.3/Submit) id g5RGhNC8093508; Thu, 27 Jun 2002 12:43:23 -0400 (EDT) Date: Thu, 27 Jun 2002 12:43:23 -0400 (EDT) From: "H. Wade Minter" X-X-Sender: minter@bunning.skiltech.com To: Brett Glass Cc: bright@mu.org, , Subject: Re: resolv and dynamic linking to compat libc In-Reply-To: <200206271617.KAA04440@lariat.org> Message-ID: <20020627124102.V92880-100000@bunning.skiltech.com> X-Folkin-Excellent: Eddie From Ohio (efohio.com) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 27 Jun 2002, Brett Glass wrote: > Last night, I saw an attempted attackl that may have been an attempt to > subvert a build of Apache 2.0.39 built with the buggy libc. Apache had spawned > dozens of child processes, which all hung (they were trying to double-free > memory) and the server was completely locked up. As far as I can tell, the > intruder didn't make it in but did manage to mess up Apache's unprivileged > child processes -- a first step. My version of apache from ports seems to dynamically link libc.so.4, not statically, which would indicate to me that it would pick up a rebuild patched libc, and wouldn't need to be rebuilt itself. bash-2.05a# ldd /usr/local/sbin/httpd /usr/local/sbin/httpd: libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x280a9000) libmm.so.11 => /usr/local/lib/libmm.so.11 (0x280c2000) libc.so.4 => /usr/lib/libc.so.4 (0x280c6000) bash-2.05a# Anyone care to confirm/deny that? I scanned for statically linked binaries in /usr/local/bin, and only found a couple (mostly shells), so I rebuilt those. --Wade -- 'I say to you that the VCR is to the American film producer and the American public as the Boston strangler is to the woman home alone.' Jack Valenti on VCRs, 1982 'It's getting clear -- alarmingly clear, I might add -- that we are in the midst of the possibility of Armageddon.' Jack Valenti on the Internet, 2002 http://www.digitalconsumer.org/ http://digitalspeech.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message