From owner-freebsd-security@FreeBSD.ORG  Wed Aug  6 09:29:45 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8A84737B401
	for <freebsd-security@freebsd.org>;
	Wed,  6 Aug 2003 09:29:45 -0700 (PDT)
Received: from kosh.etchings.com (kosh.etchings.com [216.231.38.40])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0D1B643FCB
	for <freebsd-security@freebsd.org>;
	Wed,  6 Aug 2003 09:29:45 -0700 (PDT)
	(envelope-from brian@etchings.com)
Received: by kosh.etchings.com (Postfix, from userid 1000)
	id E9659117040; Wed,  6 Aug 2003 09:31:24 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by kosh.etchings.com (Postfix) with ESMTP id E82BA11703F
	for <freebsd-security@freebsd.org>;
	Wed,  6 Aug 2003 09:31:24 -0700 (PDT)
Date: Wed, 6 Aug 2003 09:31:24 -0700 (PDT)
From: Brian Kraemer <brian@etchings.com>
To: freebsd-security@freebsd.org
Message-ID: <20030806092431.O18916-100000@kosh.etchings.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: statically compiled files left over after a 'make world'
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Aug 2003 16:29:45 -0000

Hello,

I recently did a 'make world' to update my base system due to the realpath
bug. After that finished, I noticed that I still had the following
statically compiled binaries laying around that did not get updated during
a 'make world'. I track 4-STABLE.

/usr/bin/miniperl
/sbin/mount_kernfs
/sbin/mount_devfs
/sbin/modunload
/sbin/modload
/sbin/ft
/stand/boot_crunch
/stand/find
/stand/sed
/stand/test
/stand/pwd
/stand/ppp
/stand/newfs
/stand/minigzip
/stand/cpio
/stand/bad144
/stand/fsck
/stand/ifconfig
/stand/route
/stand/slattach
/stand/mount_nfs
/stand/dhclient
/stand/arp
/stand/gzip
/stand/gunzip
/stand/zcat
/stand/-sh
/stand/[
/stand/sh

Since they were not updated during a 'make world', does that mean that
they are deprecated and can be safely removed?

If not, why weren't they updated during a 'make world'? Is it a security
risk having them stick around since they haven't been re-linked against the
new libc?

Thanks,

-Brian