upgrading libssh and rtld

Matthew Seaman m.seaman at infracaninophile.co.uk
Thu Sep 18 06:31:33 PDT 2003


On Thu, Sep 18, 2003 at 01:12:33PM +0100, lemon wrote:
> hi,
> 
> with respect to upgrading openssh on various boxes, i note that the 
> advisory[0] details killing and restarting sshd in order to bring the 
> new one into play.
> 
> the base sshd is dynamically linked against libssh, the version of which 
> doesn't appear to change over the upgrade.
> 
> my question is this: does the rtld notice the change in library and 
> reload it, or will it re-use the pre-upgrade one already in memory? the 
> latter suggests only a reboot will bring the new library into play, 
> especially if the work is being carried out over ssh, and so keeping an 
> sshd in play at all times.
> 
> i can't see any stuff in the rtld-elf source to suggest that it'll 
> notice a change in library files, but my understanding of the linker is 
> pretty flimsy.

Hmmm... good question.  As far as I can tell from the rtld-elf
sources, the runtime loader follows the usual Unix paradigm of open(2)
followed by mmap(2) of the shared libraries in question.  ld-elf.so.1
is invoked anew for every dynamically linked process that gets
exec(3)'d.

That means that any program started after the shared library has been
updated will mmap(2) the latest version.  Processes already running
end up with a file descriptor on the old version, although there's no
way to access that data from the filesystem.  (This is similar to a
cunning bit of Unix trickery, where a file is open(2)'d and then
unlink(2)'d, often used to provide temporary filespace that's
absolutely private to the process.)

So, yes, restarting sshd(8) after applying the patches, recompiling
and re-installing will nullify the vulnerability.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
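
The open(2)/mmap(2) behaviour described in the reply above, as an added example that is not part of the original message or of the FreeBSD sources. The file name `libdemo.so` and the functions `is_stale` and `simulate_upgrade` are hypothetical, and the example assumes the upgrade installs the new file under a new inode (rename or unlink and recreate) rather than overwriting the old one in place.

```python
import mmap
import os
import tempfile


def is_stale(fd, path):
    """True if the open descriptor no longer refers to the file now at path."""
    held = os.fstat(fd)
    try:
        current = os.stat(path)
    except FileNotFoundError:
        return True
    return (held.st_dev, held.st_ino) != (current.st_dev, current.st_ino)


def simulate_upgrade():
    """Map a stand-in library, replace it on disk, report what each side sees."""
    with tempfile.TemporaryDirectory() as d:
        lib = os.path.join(d, "libdemo.so")  # constructed stand-in, not a real library
        with open(lib, "wb") as f:
            f.write(b"OLD-VERSION")

        # "Running process": open(2) then mmap(2), as the runtime loader does.
        fd = os.open(lib, os.O_RDONLY)
        mapping = mmap.mmap(fd, 0, access=mmap.ACCESS_READ)
        stale_before = is_stale(fd, lib)

        # "Upgrade": write the new file beside the old one, then rename(2) over it.
        new = lib + ".new"
        with open(new, "wb") as f:
            f.write(b"NEW-VERSION")
        os.replace(new, lib)

        # "Process started after the upgrade": a fresh open of the same path.
        with open(lib, "rb") as f:
            fresh = f.read()

        result = {
            "stale_before": stale_before,
            "stale_after": is_stale(fd, lib),
            "running_process_sees": bytes(mapping[:]),
            "new_process_sees": fresh,
        }
        mapping.close()
        os.close(fd)
        return result


if __name__ == "__main__":
    for key, value in simulate_upgrade().items():
        print(f"{key}: {value!r}")
```

The device and inode comparison in `is_stale` is the same test an administrator can apply to a long-running daemon after a library upgrade: a mismatch means the process still holds the pre-upgrade file and needs a restart.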


More information about the freebsd-questions mailing list