From owner-freebsd-security@FreeBSD.ORG Wed Mar 26 23:29:47 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1F7E437B404; Wed, 26 Mar 2003 23:29:47 -0800 (PST) Received: from mta05-svc.ntlworld.com (mta05-svc.ntlworld.com [62.253.162.45]) by mx1.FreeBSD.org (Postfix) with ESMTP id B40E343F93; Wed, 26 Mar 2003 23:29:45 -0800 (PST) (envelope-from colin.percival@wadham.ox.ac.uk) Received: from piii600.wadham.ox.ac.uk ([81.103.196.4]) by mta05-svc.ntlworld.comESMTP <20030327072944.DEPS310.mta05-svc.ntlworld.com@piii600.wadham.ox.ac.uk>; Thu, 27 Mar 2003 07:29:44 +0000 Message-Id: <5.0.2.1.1.20030327055355.029c1478@popserver.sfu.ca> X-Sender: cperciva@popserver.sfu.ca X-Mailer: QUALCOMM Windows Eudora Version 5.0.2 Date: Thu, 27 Mar 2003 07:29:42 +0000 To: "Jeremy C. Reed" , "Jacques A. Vidrine" From: Colin Percival In-Reply-To: <5.0.2.1.1.20030327021835.01e005c8@popserver.sfu.ca> References: <20030326140204.GC33671@madman.celabo.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Spam-Status: No, hits=-22.1 required=5.0 tests=AWL,EMAIL_ATTRIBUTION,IN_REP_TO,QUOTED_EMAIL_TEXT, RCVD_IN_UNCONFIRMED_DSBL,REPLY_WITH_QUOTES autolearn=ham version=2.50 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp) cc: freebsd-security@freebsd.org Subject: Re: what actually uses xdr_mem.c? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Mar 2003 07:29:48 -0000 At 02:25 27/03/2003 +0000, I wrote: > To clarify: I'm not sure if my code worked properly here. It certainly > hasn't missed any files, but it might have introduced false positives -- > I was surprised by the number of files it identified as having > changed. I'm currently looking at this in more detail to determine if in > fact these are false positives. And the answer is, they're not false positives. libc/xdr/xdr_mem is used by libc/rpc/clnt_tcp, which is used by libc/yp/yplib, and that is included in: /bin/csh /bin/date /bin/ls /bin/mv /bin/pax /bin/ps /bin/rcp /bin/rm /bin/sh /bin/tcsh /bin/unlink /sbin/atm /sbin/dhclient /sbin/dump /sbin/fastboot /sbin/fasthalt /sbin/fsck /sbin/fsdb /sbin/halt /sbin/ifconfig /sbin/init /sbin/ip6fw /sbin/ipf /sbin/ipfstat /sbin/ipfw /sbin/ipmon /sbin/ipnat /sbin/mknod /sbin/mount /sbin/mount_msdos /sbin/mount_nfs /sbin/mount_ntfs /sbin/mount_nwfs /sbin/mount_portal /sbin/mountd /sbin/natd /sbin/nfsd /sbin/nos-tun /sbin/ping /sbin/ping6 /sbin/quotacheck /sbin/rdump /sbin/reboot /sbin/restore /sbin/route /sbin/routed /sbin/rrestore /sbin/rtquery /sbin/shutdown /sbin/umount /sbin/vinum /usr/bin/tar /usr/lib/libc.a /usr/lib/libc.so.4 /usr/lib/libc_p.a /usr/lib/libc_pic.a /usr/lib/libc_r.a /usr/lib/libc_r.so.4 /usr/lib/libc_r_p.a /usr/libexec/elf/gdb Of course, in most (all?) of these cases it would be impossible to exploit the xdr bug, but all those files contain the modified code. Colin Percival