Date: Thu, 27 Mar 2003 16:22:05 +1100 (EST) From: Bruce Evans <bde@zeta.org.au> To: Uros Juvan <uros.juvan@arnes.si> Cc: security at FreeBSD <freebsd-security@freebsd.org> Subject: Re: what actually uses xdr_mem.c? Message-ID: <20030327160638.J1404@gamplex.bde.org> In-Reply-To: <3E81AF6C.3060705@arnes.si> References: <Pine.LNX.4.43.0303252144400.21019-100000@pilchuck.reedmedia.net> <20030326061041.A17052@sheol.localdomain> <20030326071637.A17385@sheol.localdomain> <3E81AF6C.3060705@arnes.si>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 26 Mar 2003, Uros Juvan wrote: > Idea is cool, but it just won't work on staticaly linked files, you can > test this with: > > # readelf -a /bin/ls > > for example :( > > I don't think there is 100% way of telling whether staticaly linked file > is linked against vulnerable xdr_mem.o, especially because obviously > rcsid string is undefined in source file. This isn't so obvious: %%% Script started on Thu Mar 27 16:07:33 2003 ttyp0:bde@besplex:/tmp> strings -a /bin/ls | grep xdr_mem $FreeBSD: src/lib/libc/xdr/xdr_mem.c,v 1.11 2002/03/22 21:53:26 obrien Exp $ ttyp0:bde@besplex:/tmp> exit Script done on Thu Mar 27 16:07:44 2003 %%% (strings -a shows a few other interesting strings and lots of bloat.) xdr_mem.c has always had some sort of id string, but putting the string in the object file was broken for many years by putting the rcsid in the LIBC_SCCS section and then renaming LIBC_SCCS to LIBC_RCS in the Makefile without adjusting any source files that had ids. This was fixed relatively recently in -current but is still broken in RELENG_4. Bruce
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030327160638.J1404>