From owner-freebsd-security@FreeBSD.ORG Wed Mar 26 06:02:05 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CA3DA37B404 for ; Wed, 26 Mar 2003 06:02:05 -0800 (PST) Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id EDCDA43F93 for ; Wed, 26 Mar 2003 06:02:04 -0800 (PST) (envelope-from nectar@celabo.org) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 5DA6851; Wed, 26 Mar 2003 08:02:04 -0600 (CST) Received: by madman.celabo.org (Postfix, from userid 1001) id 3A0AC78C43; Wed, 26 Mar 2003 08:02:04 -0600 (CST) Date: Wed, 26 Mar 2003 08:02:04 -0600 From: "Jacques A. Vidrine" To: "Jeremy C. Reed" Message-ID: <20030326140204.GC33671@madman.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , "Jeremy C. Reed" , freebsd-security@FREEBSD.ORG References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.3i-ja.1 X-Spam-Status: No, hits=-31.8 required=5.0 tests=AWL,EMAIL_ATTRIBUTION,IN_REP_TO,QUOTED_EMAIL_TEXT, REFERENCES,REPLY_WITH_QUOTES,USER_AGENT_MUTT autolearn=ham version=2.50 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp) cc: freebsd-security@FREEBSD.ORG Subject: Re: what actually uses xdr_mem.c? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Mar 2003 14:02:06 -0000 On Tue, Mar 25, 2003 at 10:11:46PM -0800, Jeremy C. Reed wrote: > In regards to FreeBSD-SA-03:05.xdr, does anyone know which static binaries > or tools under /bin or /sbin actually use that problem code? > > The recent XDR fixes the xdrmem_getlong_aligned(), > xdrmem_putlong_aligned(), xdrmem_getlong_unaligned(), > xdrmem_putlong_unaligned(), xdrmem_getbytes(), and/or xdrmem_putbytes() > functions, but it is difficult to know what uses these (going backwards > manually). You'll never find it starting with those :-) Rather, look for uses of xdrmem_create. [...] > Is the XDR only used for RPC related tools? (Or is it is used as a generic > portable binary data format used with all libc?) Well, not _only_ for RPC, but certainly RPC is the big consumer. Almost any RPC application will also be using an xdrmem stream. Depending upon the data types marshalled through the stream, one of the affected routines may be called. Other applications could also use XDR directly, such as to serialize data for storage. I don't think this is very common. > With some other libc security issues (such as with resolver), you can > easily know which tools use that code. > > The various XDR-related advisories are vague and don't really mention what > can be effected by this issue. > > (For last summer's xdr issue, it was suggested (for Solaris) that the > Desktop Management Interface service daemon and Calendar Manager service > daemon be disabled.) > > Jeremy C. Reed > http://bsd.reedmedia.net/ > > p.s. I provide binary updates for customers; and for most issues I don't > want to provide binaries that are not effected. Have a look at Colin Percival's binary updates stuff. He believes he has overcome these issues. Also, one can pull out the `relevant' ELF sections, and compare those for a pretty good picture. You could use objcopy. I've used libelf to do the same. Cheers, -- Jacques A. Vidrine http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se