what actually uses xdr_mem.c?
Jeremy C. Reed
reed at reedmedia.net
Wed Mar 26 16:18:09 PST 2003
On Wed, 26 Mar 2003, Jacques A. Vidrine wrote:
> It also will fail you in this case. Since (most) affected binaries do
> not call xdrmem_* directly, those names will not appear in the
> binaries' symbol tables. (Although related names might, which may or
> may not be enough for you to go on.)
That is why I was wondering if anyone knew what actually uses the
functions that had security issues :)
On Wed, 26 Mar 2003, Jacques A. Vidrine wrote:
> > The recent XDR fixes the xdrmem_getlong_aligned(),
> > xdrmem_putlong_aligned(), xdrmem_getlong_unaligned(),
> > xdrmem_putlong_unaligned(), xdrmem_getbytes(), and/or xdrmem_putbytes()
> > functions, but it is difficult to know what uses these (going backwards
> > manually).
>
> You'll never find it starting with those :-) Rather, look for uses of
> xdrmem_create.
I understand. (I already couldn't find any of those functions used by
anything else other than xdrmem_create.) That is my point: it is hard to
tell what uses what.
> Well, not _only_ for RPC, but certainly RPC is the big consumer.
> Almost any RPC application will also be using an xdrmem stream.
> Depending upon the data types marshalled through the stream, one of
> the affected routines may be called.
>
> Other applications could also use XDR directly, such as to serialize
> data for storage. I don't think this is very common.
Thanks for the explanation. (Now to figure out what is actually effected.)
> Have a look at Colin Percival's binary updates stuff. He believes he
> has overcome these issues.
I will look at it closer. (But I was told off-list that it didn't.
Nevertheless, it would be nice to find a way to automate this.)
> Also, one can pull out the `relevant' ELF sections, and compare those
> for a pretty good picture. You could use objcopy. I've used libelf
> to do the same.
Thanks for the ideas. I will give these a try. I see libelf is a library
for manipulating ELF -- is there a tool that uses it (like Solaris
pvs(1))?
Jeremy C. Reed
http://bsd.reedmedia.net/
More information about the freebsd-security
mailing list