From owner-freebsd-security  Mon Jul  1 10:53: 5 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D290237B400
	for <freebsd-security@freebsd.org>; Mon,  1 Jul 2002 10:53:02 -0700 (PDT)
Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E681C43E0A
	for <freebsd-security@freebsd.org>; Mon,  1 Jul 2002 10:53:01 -0700 (PDT)
	(envelope-from nectar@nectar.cc)
Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111])
	by gw.nectar.cc (Postfix) with ESMTP
	id 3E34134; Mon,  1 Jul 2002 12:53:01 -0500 (CDT)
Received: from madman.nectar.cc (localhost [IPv6:::1])
	by madman.nectar.cc (8.12.3/8.12.3) with ESMTP id g61Hr14N009088;
	Mon, 1 Jul 2002 12:53:01 -0500 (CDT)
	(envelope-from nectar@madman.nectar.cc)
Received: (from nectar@localhost)
	by madman.nectar.cc (8.12.3/8.12.3/Submit) id g61Hr04t009087;
	Mon, 1 Jul 2002 12:53:00 -0500 (CDT)
Date: Mon, 1 Jul 2002 12:53:00 -0500
From: "Jacques A. Vidrine" <nectar@freebsd.org>
To: "Lachlan O'Dea" <odela01@ca.com>
Cc: freebsd-security@freebsd.org
Subject: Re: resolv and dynamic linking to compat libc
Message-ID: <20020701175300.GG8128@madman.nectar.cc>
Mail-Followup-To: "Jacques A. Vidrine" <nectar@FreeBSD.org>,
	Lachlan O'Dea <odela01@ca.com>, freebsd-security@freebsd.org
References: <3D1AA5F2.9020305@ca.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3D1AA5F2.9020305@ca.com>
User-Agent: Mutt/1.4i
X-Url: http://www.nectar.cc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, Jun 27, 2002 at 03:43:14PM +1000, Lachlan O'Dea wrote:
> Hi,
> 
> With regard the resolv vulnerability, is there any issue with older 
> binaries that are linking against an older libc.so? For example, on my 
> box I have a /usr/lib/compat/libc.so.3. Will a make world fix this 
> library as well?

No, I'm afraid not.  libc.so.3 will not be rebuilt in the usual sense
of the word, thus leaving binaries that link against it vulnerable.
I don't have a solution for you at the moment, but once we've patched
RELENG_3 (FreeBSD 3.x), then perhaps we'll be able to get there.

Cheers,
-- 
Jacques A. Vidrine <n@nectar.cc>                 http://www.nectar.cc/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message