Date: Thu, 6 Feb 1997 08:07:59 -0800 (PST) From: Brion Moss <brion@queeg.com> To: Vadim Kolontsov <vadim@tversu.ac.ru> Cc: freebsd-security@freebsd.org Subject: Re:summury: holes in locale Message-ID: <199702061607.IAA13359@coven.queeg.com> In-Reply-To: <Pine.NEB.3.95.970206093031.25582B-100000@mailserv.tversu.ac.ru> References: <E0vsKIm-0002zi-00@rover.village.org> <Pine.NEB.3.95.970206093031.25582B-100000@mailserv.tversu.ac.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Any patchkit should also include the patches to the source; otherwise the security-patched binary version may be clobbered by someone rebuilding from source later on. I think it would be a big win if the security patch system worked using the pkg system; that way it would be easy to tell what patches had been applied (all you would need to do is run pkg_info). Maybe even add a -P option to pkg_info to show all installed patches...the solaris patch system works this way, and it's one of the nicer things about solaris. -Brion Vadim Kolontsov writes: > Hello, > > the summary about patchkit. > > Patchkit must understand all versions of FreeBSD, and make a correct > changes in the system. It must contain: > > 1) corrected /usr/lib/libc.a, libc.so.* > 2) corrected /usr/lib/crt0.o > 3) lfix, which patches statically linked binaries (why to > patch dinamically linked bins? we already fixed this bug placing patched > libc in /usr/lib, isn't it?) > 4) some script, which can make all modification automatically; it must > check if we are working in single-user mode (to avoid problem with > running binaries) > 5) good README > > My part of project: lfix/ltest. I have to make changes in it, because at > this time lfix/ltest tested only on FreeBSD 2.1.0 (by me). Also checking > for static/dyn linking can be added.. and chflag handling.. > > I still don't know what we need to do with statically linked binaries > which calls locale stuff by itself.. may be we can patch libc, contained > in binary (pattern search for _startup_locale code etc)?... of course, > recompiling is the solution... > > Anybody knows, how many statically linked setuid binaries call locale > routines by itself? (not by their C startup module) May be, we can include > corrected (recompiled) versions of them into the patchkit?.. For all > versions of FreeBSD? > > Any ideas, suggestions, volunteers?.. > > Best regards, Vadim. > -------------------------------------------------------------------------- > Vadim Kolontsov SysAdm/Programmer > Tver Regional Center of New Information Technologies Networks Lab > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702061607.IAA13359>