From owner-freebsd-security@FreeBSD.ORG Wed Aug 6 12:33:48 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 360B437B401 for ; Wed, 6 Aug 2003 12:33:48 -0700 (PDT) Received: from lakemtao05.cox.net (lakemtao05.cox.net [68.1.17.116]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2C42C43F75 for ; Wed, 6 Aug 2003 12:33:47 -0700 (PDT) (envelope-from freebsd@critesclan.com) Received: from helaman ([68.107.163.57]) by lakemtao05.cox.net (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP id <20030806193347.DNKD20948.lakemtao05.cox.net@helaman> for ; Wed, 6 Aug 2003 15:33:47 -0400 From: To: Date: Wed, 6 Aug 2003 14:34:28 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal In-Reply-To: Subject: RE: statically compiled files left over after a 'make world' X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd@critesclan.com List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Aug 2003 19:33:48 -0000 I'm not sure that answered his question. I believe the issue is that there are os programs that are not compiled/recompiled during a make world, and so what does that mean. Does it mean they are no longer needed and can be safely removed? I'm thinking that is not the case. I have a single script that does a CVSup (tag=.), then does a buildworld and installworld, then does a buildkernel and installkernel, then reboots the system. In theory, everything on my system should be completely rebuilt after this process (which starts every Saturday evening at 10pm). When I check on Monday morning, I see the kernel is compiled the past weekend, etc, so I'm a happy guy. When I got this message, I did a check, and I found that 3 mount_XXX files have not been changed since my initial installation date, and that a whole slew of items in /stand have various other dates. I can deal with the help files having their original date, but the programs are still based upon my initial install date. I'm not sure if there is a "deal" to be made over this, but the question still remains. What do you do with those programs that have not been rebuilt in a buildworld? Are they security risks? Are they simply things missed in the make, and someone needs to add them in? The impression I have is that anything not rebuilt after the above process is an error condition that should be addressed. Am I wrong? Lee -----Original Message----- From: owner-freebsd-security@freebsd.org [mailto:owner-freebsd-security@freebsd.org]On Behalf Of bks10@cornell.edu Sent: Wednesday, 06 August 2003 12:03 To: Brian Kraemer Cc: freebsd-security@freebsd.org Subject: Re: statically compiled files left over after a 'make world' If you track 4-STABLE you have nothing to worry about anyway. The bug did not affect 4-STABLE, only 4.8, 4.7, etc... Peace. On Wed, 6 Aug 2003, Brian Kraemer wrote: > Hello, > > I recently did a 'make world' to update my base system due to the realpath > bug. After that finished, I noticed that I still had the following > statically compiled binaries laying around that did not get updated during > a 'make world'. I track 4-STABLE. > > /usr/bin/miniperl > /sbin/mount_kernfs > /sbin/mount_devfs > /sbin/modunload > /sbin/modload > /sbin/ft > /stand/boot_crunch > /stand/find > /stand/sed > /stand/test > /stand/pwd > /stand/ppp > /stand/newfs > /stand/minigzip > /stand/cpio > /stand/bad144 > /stand/fsck > /stand/ifconfig > /stand/route > /stand/slattach > /stand/mount_nfs > /stand/dhclient > /stand/arp > /stand/gzip > /stand/gunzip > /stand/zcat > /stand/-sh > /stand/[ > /stand/sh > > Since they were not updated during a 'make world', does that mean that > they are deprecated and can be safely removed? > > If not, why weren't they updated during a 'make world'? Is it a security > risk having them stick around since they haven't been re-linked against the > new libc? > > Thanks, > > -Brian > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"