what actually uses xdr_mem.c?

Jeremy C. Reed reed at reedmedia.net
Wed Mar 26 06:12:00 PST 2003


In regard to FreeBSD-SA-03:05.xdr, does anyone know which static binaries
or tools under /bin or /sbin actually use that problem code?

The recent XDR fixes the xdrmem_getlong_aligned(),
xdrmem_putlong_aligned(), xdrmem_getlong_unaligned(),
xdrmem_putlong_unaligned(), xdrmem_getbytes(), and/or xdrmem_putbytes()
functions, but it is difficult to know what uses these (going backwards
manually).

For example, a simple MD5 (of binaries before and after) shows many
changes that are probably irrelevant. It is hard to tell if any static
tools even use those changes; maybe mount_nfs and umount. And maybe
/usr/lib/librpcsvc*.

Is the XDR only used for RPC related tools? (Or is it used as a generic
portable binary data format used with all libc?)

With some other libc security issues (such as with resolver), you can
easily know which tools use that code.

The various XDR-related advisories are vague and don't really mention what
can be affected by this issue.

(For last summer's xdr issue, it was suggested (for Solaris) that the
Desktop Management Interface service daemon and Calendar Manager service
daemon be disabled.)

   Jeremy C. Reed
   http://bsd.reedmedia.net/

p.s. I provide binary updates for customers; and for most issues I don't
want to provide binaries that are not affected.


