From: Chris Boyd
To: freebsd-security@freebsd.org
Date: Tue, 5 Aug 2003 10:56:45 -0500
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath

Many thanks for building this, Colin.

When I do the update on a 4.8-RELEASE box, should all the files noted be replaced? On my two test machines, only /usr/libexec/sftp-server was replaced. Both machines are running custom kernels, but I've never built world or used the free-bsd update before on them.

--Chris

On Monday, August 4, 2003, at 06:01 PM, Colin Percival wrote:

> At 00:54 04/08/2003 -0700, I wrote:
> > Once the binary updates are available, FreeBSD Update
> > (security/freebsd-update in the ports tree) will be able to fetch and
> > install them; I'll send another email to this list after they've been
> > built, signed, and uploaded.
>
> Binary patches can now be installed via FreeBSD Update for any
> systems with a binary install of 4.7-RELEASE or 4.8-RELEASE which have
> not had any system binaries rebuilt or replaced locally (except by
> FreeBSD Update).
> With a recent copy of the ports tree:
> 1. cd /usr/ports/security/freebsd-update/ && make all install
> 2. cp /usr/local/etc/freebsd-update.conf.sample /usr/local/etc/freebsd-update.conf
> 3. /usr/local/sbin/freebsd-update fetch
> 4. /usr/local/sbin/freebsd-update install
>
> In FreeBSD 4.7, the following binaries were affected by this
> security advisory:
> /bin/mv
> /bin/pwd
> /bin/realpath
> /sbin/kldconfig
> /sbin/mount
> /sbin/mount_cd9660
> /sbin/mount_ext2fs
> /sbin/mount_fdesc
> /sbin/mount_kernfs
> /sbin/mount_linprocfs
> /sbin/mount_mfs
> /sbin/mount_msdos
> /sbin/mount_nfs
> /sbin/mount_ntfs
> /sbin/mount_null
> /sbin/mount_nwfs
> /sbin/mount_portal
> /sbin/mount_procfs
> /sbin/mount_smbfs
> /sbin/mount_std
> /sbin/mount_umap
> /sbin/mount_union
> /sbin/mountd
> /sbin/newfs
> /sbin/umount
> /usr/bin/make
> /usr/lib/libc.a
> /usr/lib/libc.so.4
> /usr/lib/libc_p.a
> /usr/lib/libc_pic.a
> /usr/lib/libc_r.a
> /usr/lib/libc_r.so.4
> /usr/lib/libc_r_p.a
> /usr/libexec/lukemftpd
> /usr/libexec/sftp-server
> /usr/sbin/config
> /usr/sbin/pkg_add
> /usr/sbin/sshd
>
> In FreeBSD 4.8, the same binaries were affected, with the exception
> of /sbin/mount_kernfs (no longer installed), /usr/bin/make (no longer
> uses realpath), and /usr/libexec/lukemftpd (no longer installed).
>
> Colin Percival
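
The following is an added example, not part of either message and not FreeBSD Update's own code: a shell sketch that builds the 4.7 and 4.8 affected-file lists exactly as the quoted message describes them and reports, per file, whether it changed after a marker file created before the update. The function names (affected_for, report_updates), the marker file and the optional root prefix are hypothetical, and it assumes a replaced file receives a fresh modification time.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are copied from the quoted message.
# Assumption: a replaced file ends up with a modification time newer than a
# marker file created before running "freebsd-update install".

AFFECTED_47="/bin/mv /bin/pwd /bin/realpath /sbin/kldconfig /sbin/mount
/sbin/mount_cd9660 /sbin/mount_ext2fs /sbin/mount_fdesc /sbin/mount_kernfs
/sbin/mount_linprocfs /sbin/mount_mfs /sbin/mount_msdos /sbin/mount_nfs
/sbin/mount_ntfs /sbin/mount_null /sbin/mount_nwfs /sbin/mount_portal
/sbin/mount_procfs /sbin/mount_smbfs /sbin/mount_std /sbin/mount_umap
/sbin/mount_union /sbin/mountd /sbin/newfs /sbin/umount /usr/bin/make
/usr/lib/libc.a /usr/lib/libc.so.4 /usr/lib/libc_p.a /usr/lib/libc_pic.a
/usr/lib/libc_r.a /usr/lib/libc_r.so.4 /usr/lib/libc_r_p.a
/usr/libexec/lukemftpd /usr/libexec/sftp-server /usr/sbin/config
/usr/sbin/pkg_add /usr/sbin/sshd"

# Print the affected paths for a release, one per line.
# 4.8 is the 4.7 list minus the three exceptions named in the message.
affected_for() {
    case "$1" in
        4.7) printf '%s\n' $AFFECTED_47 ;;
        4.8) printf '%s\n' $AFFECTED_47 | grep -vxF \
                 -e /sbin/mount_kernfs -e /usr/bin/make \
                 -e /usr/libexec/lukemftpd ;;
        *)   echo "unsupported release: $1" >&2; return 2 ;;
    esac
}

# report_updates RELEASE MARKER [ROOT]
# Classify each affected path as missing, updated (newer than MARKER) or
# unchanged. ROOT is an optional prefix for checking a mounted image.
report_updates() {
    rel=$1 marker=$2 root=${3:-}
    affected_for "$rel" | while read -r f; do
        if [ ! -e "$root$f" ]; then
            echo "missing   $f"
        elif [ -n "$(find "$root$f" -prune -newer "$marker")" ]; then
            echo "updated   $f"
        else
            echo "unchanged $f"
        fi
    done
}

# Stand-alone use: sh script.sh 4.8 /var/tmp/pre-update-marker
if [ $# -ge 2 ]; then report_updates "$@"; fi
```

An "unchanged" result only says the modification time is not newer than the marker; it does not by itself say whether the file on disk is the patched version.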