Date: Wed, 26 Mar 2003 08:18:02 -0800 (PST) From: "Jeremy C. Reed" <reed@reedmedia.net> To: "Jacques A. Vidrine" <nectar@FreeBSD.org> Cc: freebsd-security@FREEBSD.ORG Subject: Re: what actually uses xdr_mem.c? Message-ID: <Pine.LNX.4.43.0303260803200.21019-100000@pilchuck.reedmedia.net> In-Reply-To: <20030326140204.GC33671@madman.celabo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 26 Mar 2003, Jacques A. Vidrine wrote: > It also will fail you in this case. Since (most) affected binaries do > not call xdrmem_* directly, those names will not appear in the > binaries' symbol tables. (Although related names might, which may or > may not be enough for you to go on.) That is why I was wondering if anyone knew what actually uses the functions that had security issues :) On Wed, 26 Mar 2003, Jacques A. Vidrine wrote: > > The recent XDR fixes the xdrmem_getlong_aligned(), > > xdrmem_putlong_aligned(), xdrmem_getlong_unaligned(), > > xdrmem_putlong_unaligned(), xdrmem_getbytes(), and/or xdrmem_putbytes() > > functions, but it is difficult to know what uses these (going backwards > > manually). > > You'll never find it starting with those :-) Rather, look for uses of > xdrmem_create. I understand. (I already couldn't find any of those functions used by anything else other than xdrmem_create.) That is my point: it is hard to tell what uses what. > Well, not _only_ for RPC, but certainly RPC is the big consumer. > Almost any RPC application will also be using an xdrmem stream. > Depending upon the data types marshalled through the stream, one of > the affected routines may be called. > > Other applications could also use XDR directly, such as to serialize > data for storage. I don't think this is very common. Thanks for the explanation. (Now to figure out what is actually effected.) > Have a look at Colin Percival's binary updates stuff. He believes he > has overcome these issues. I will look at it closer. (But I was told off-list that it didn't. Nevertheless, it would be nice to find a way to automate this.) > Also, one can pull out the `relevant' ELF sections, and compare those > for a pretty good picture. You could use objcopy. I've used libelf > to do the same. Thanks for the ideas. I will give these a try. I see libelf is a library for manipulating ELF -- is there a tool that uses it (like Solaris pvs(1))? Jeremy C. Reed http://bsd.reedmedia.net/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.43.0303260803200.21019-100000>