Date: Tue, 22 Apr 2008 11:14:02 -0700 (PDT)
From: Roger Marquis
To: freebsd-security@freebsd.org
Subject: Re: openssldoesn't -overwrite-base again (was: FreeBSD-SA-08:05.openssh)
Message-Id: <20080422181402.DDE2E2B45B3@mx5.roble.com>
In-Reply-To: <20080422120021.D18CD1065674@hub.freebsd.org>

Dirk Meyer wrote:
> The -overwrite-base option was only functional on FreeBSD 4.x
> With FreeBSD 5.x the libs are spread in /lib and /usr/lib, so
> even if the ports overwrite base libs, some tools still use the
> old (unpatched) libs from /lib.

Couldn't this be addressed simply by removing the old libs, possibly
replacing with symlinks, in coordination with the standard/base?

We shouldn't need to worry about base applications linked to the old libs
anyhow, unless a base app is making unreasonable expectations. Better to
fix those bugs in base, IMO, than have multiple versions of key libraries.

Roger Marquis
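
Added example, not part of the original message or of FreeBSD: a shell check for the situation discussed above, reporting which binaries still resolve libssl/libcrypto from the base paths (/lib, /usr/lib) rather than from ports (/usr/local/lib, assumed here as the ports prefix). The sample `ldd` output, including library versions and the `mixed` binary, is constructed for illustration.

```shell
#!/bin/sh
# Reads `ldd` output for one or more binaries on stdin and prints:
#   <binary> <library> <base|ports|missing|other> <resolved path>
classify_openssl_links() {
    awk '
        BEGIN { bin = "-" }
        NF == 1 && /:$/ { bin = $1; sub(/:$/, "", bin); next }  # "file:" header
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
            path = $3
            if ($3 == "not")                     { origin = "missing"; path = "-" }
            else if (path ~ /^\/usr\/local\//)   origin = "ports"
            else if (path ~ /^\/(usr\/)?lib\//)  origin = "base"
            else                                 origin = "other"
            print bin, $1, origin, path
        }'
}

# Binaries that load at least one OpenSSL library from the base system.
base_linked_binaries() {
    classify_openssl_links | awk '$3 == "base" && !seen[$1]++ { print $1 }'
}

# Binaries that load OpenSSL libraries from base AND ports in one process.
mixed_binaries() {
    classify_openssl_links | awk '
        { origins[$1] = origins[$1] " " $3 }
        END { for (b in origins)
                  if (origins[b] ~ /base/ && origins[b] ~ /ports/) print b }' | sort
}

# Constructed sample of `ldd` output (paths and versions are illustrative).
sample_ldd_output() {
    cat <<'EOF'
/usr/bin/ssh:
    libssh.so.4 => /usr/lib/libssh.so.4 (0x28090000)
    libcrypto.so.5 => /lib/libcrypto.so.5 (0x28100000)
/usr/local/sbin/httpd:
    libssl.so.5 => /usr/local/lib/libssl.so.5 (0x28200000)
    libcrypto.so.5 => /usr/local/lib/libcrypto.so.5 (0x28300000)
/usr/local/bin/mixed:
    libssl.so.5 => /usr/local/lib/libssl.so.5 (0x28200000)
    libcrypto.so.5 => /lib/libcrypto.so.5 (0x28100000)
EOF
}

# With arguments: inspect real binaries. Without: run on the sample.
if [ "$#" -gt 0 ]; then ldd "$@" | classify_openssl_links
else sample_ldd_output | mixed_binaries; fi
```

Binary paths containing spaces are not handled, since the output is whitespace-delimited.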