Date: Wed, 26 Jun 2002 18:14:30 -0700 (PDT) From: Mark Hartley <mark@work.drapple.com> To: Robert Watson <rwatson@FreeBSD.ORG> Cc: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv Message-ID: <XFMail.020626181430.mark@work.drapple.com> In-Reply-To: <Pine.NEB.3.96L.1020626205448.17483C-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 27-Jun-02 Robert Watson wrote: > > On Wed, 26 Jun 2002, Mark Hartley wrote: > >> Are there other common applications (not rebuilt by the world) that many >> of us are likely to be running which are going to need to be rebuilt >> (i.e. Apache, pop3 servers, db servers, etc)? >> >> I'm not really sure how to even know if an application would be >> statically linked against libc. Maybe someone with a clue could post >> some instructions on how to check out if an app is statically linked >> against libc, then we could test our own apps and rebuild as needed. >> Anyone have an easy way that we can tell? > > I just sent out some instructions in another mail, but the basic gist is > that you run the 'file' command on the binaries you're worried about, and > make sure they are dynamically linked. If the binary is statically > linked, or it's dynamically linked against an older libc, it will need to > be rebuilt. > > Assuming they dynamically link against the current (fixed) version of the > libc library, then restarting the application without rebuilding should be > sufficient. Note that if the daemon is actually *running* when you > replace libc, you'll need to restart it so it picks up the new library > version. It does no good to replace the daemon on disk, but have the > running version be the old one. > > Let me know if you have any questions. I figured the reboot of the whole system I did (after going through the whole build and install of kernel & world), should have taken care of making sure any dynamically linked stuff is using the new & improved libc. So far I've only found a few apps that didn't get rebuilt that appear to be statically linked, and most of them are Kerberos tools (not sure why they weren't rebuilt with world), but I don't use Kerberos or run any Kerberos services. So far, it appears that a cvsup and rebuild of world is all that I'm going to need to do. Kudos to the FreeBSD developers for making such a sweet system. Mark. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.020626181430.mark>