Date: Tue, 25 Mar 2003 22:11:46 -0800 (PST)
From: "Jeremy C. Reed" <reed@reedmedia.net>
To: freebsd-security@FREEBSD.ORG
Subject: what actually uses xdr_mem.c?
Message-ID: <Pine.LNX.4.43.0303252144400.21019-100000@pilchuck.reedmedia.net>

In regards to FreeBSD-SA-03:05.xdr, does anyone know which static binaries or tools under /bin or /sbin actually use that problem code?

The recent XDR fixes the xdrmem_getlong_aligned(), xdrmem_putlong_aligned(), xdrmem_getlong_unaligned(), xdrmem_putlong_unaligned(), xdrmem_getbytes(), and/or xdrmem_putbytes() functions, but it is difficult to know what uses these (going backwards manually).

For example, a simple MD5 (of binaries before and after) shows many changes that are probably irrelevant. It is hard to tell if any static tools even use those changes; maybe mount_nfs and umount. And maybe /usr/lib/librpcsvc*.

Is the XDR only used for RPC-related tools? (Or is it used as a generic portable binary data format used with all libc?)

With some other libc security issues (such as with resolver), you can easily know which tools use that code. The various XDR-related advisories are vague and don't really mention what can be affected by this issue. (For last summer's xdr issue, it was suggested (for Solaris) that the Desktop Management Interface service daemon and Calendar Manager service daemon be disabled.)

Jeremy C. Reed
http://bsd.reedmedia.net/

p.s. I provide binary updates for customers; and for most issues I don't want to provide binaries that are not affected.