From: Brett Glass
To: Robert Watson
Cc: bright@mu.org, odela01@ca.com, freebsd-security@FreeBSD.ORG
Date: Thu, 27 Jun 2002 12:06:34 -0600
Subject: Re: resolv and dynamic linking to compat libc

At 10:55 AM 6/27/2002, Robert Watson wrote:

>Apache is actually a fairly unlikely target for the libc resolver attack,
>because it's default shipped both as dynamically linked,

I seem to have a mix of static and dynamic linking among the machines I host. When it links dynamically, it seems to use libc 3. For example:

httpd:
        -lcrypt.2 => /usr/lib/libcrypt.so.2.0 (0x2008b000)
        -lc.3 => /usr/lib/libc.so.3.1 (0x200a0000)

>and because it
>doesn't ship doing reverse DNS lookups by default for performance reasons.

It doesn't do reverse DNS in the logs unless you turn on HostNameLookups, that's true. But if you enable access control on a directory it seems to look up the client.

>Far more likely targets are tools such as sendmail or sshd, which do
>predictable DNS lookups based on externally generated network traffic.

Very true. Sendmail in particular might be a problem.

>We are aware of the ftp apache package problem and attempting to resolve
>it.

Thank you!

--Brett
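The static-versus-dynamic check Brett is doing by hand above, as an added example that is not part of the original thread: a POSIX sh helper that parses ldd(1)-style output and reports either "static" or the libc shared object a binary resolves to, so an administrator can inventory which daemons actually pick up the compat libc. The ldd excerpt from the message is used as constructed sample input; the "not a dynamic executable" wording for static binaries is an assumption about ldd's output.

```shell
#!/bin/sh
# Added example, not from the original thread. Classifies a binary from
# ldd(1)-style text: prints "static" if ldd reports no dynamic executable
# (assumed wording), the libc object name (e.g. "libc.so.3.1") when a libc
# line is present, or "none" when neither is found.
libc_from_ldd() {
    awk '
        /not a dynamic executable/ { print "static"; found = 1; exit }
        /libc\.so\.[0-9]/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /\/libc\.so\.[0-9]/) {
                    n = split($i, p, "/"); print p[n]; found = 1; exit
                }
        }
        END { if (!found) print "none" }
    '
}

# Run ldd on a real binary path and classify it. stderr is merged because
# ldd reports the static case there; its exit status is ignored so a static
# binary does not abort an inventory loop.
check_binary() {
    ldd "$1" 2>&1 | libc_from_ldd
}

# Constructed samples: the ldd excerpt quoted in the message, and an assumed
# static-binary report.
SAMPLE_DYNAMIC='httpd:
        -lcrypt.2 => /usr/lib/libcrypt.so.2.0 (0x2008b000)
        -lc.3 => /usr/lib/libc.so.3.1 (0x200a0000)'
SAMPLE_STATIC='ldd: httpd: not a dynamic executable'

sample_dynamic_result() { printf '%s\n' "$SAMPLE_DYNAMIC" | libc_from_ldd; }
sample_static_result()  { printf '%s\n' "$SAMPLE_STATIC"  | libc_from_ldd; }
```

To inventory running daemons on a host, loop over their executables with `check_binary` and flag anything whose libc object is the compat version rather than the one the base system patches.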