
what actually uses xdr_mem.c?



On Wed, 26 Mar 2003, Jacques A. Vidrine wrote:

> It also will fail you in this case.  Since (most) affected binaries do
> not call xdrmem_* directly, those names will not appear in the
> binaries' symbol tables.  (Although related names might, which may or
> may not be enough for you to go on.)

That is why I was wondering if anyone knew what actually uses the
functions that had security issues :)

On Wed, 26 Mar 2003, Jacques A. Vidrine wrote:

> > The recent XDR fixes the xdrmem_getlong_aligned(),
> > xdrmem_putlong_aligned(), xdrmem_getlong_unaligned(),
> > xdrmem_putlong_unaligned(), xdrmem_getbytes(), and/or xdrmem_putbytes()
> > functions, but it is difficult to know what uses these (going backwards
> > manually).
>
> You'll never find it starting with those :-)  Rather, look for uses of
> xdrmem_create.

I understand. (I already couldn't find any of those functions used by
anything else other than xdrmem_create.) That is my point: it is hard to
tell what uses what.

> Well, not _only_ for RPC, but certainly RPC is the big consumer.
> Almost any RPC application will also be using an xdrmem stream.
> Depending upon the data types marshalled through the stream, one of
> the affected routines may be called.
>
> Other applications could also use XDR directly, such as to serialize
> data for storage.  I don't think this is very common.

Thanks for the explanation. (Now to figure out what is actually affected.)

> Have a look at Colin Percival's binary updates stuff.  He believes he
> has overcome these issues.

I will look at it closer. (But I was told off-list that it didn't.
Nevertheless, it would be nice to find a way to automate this.)

> Also, one can pull out the `relevant' ELF sections, and compare those
> for a pretty good picture.  You could use objcopy.  I've used libelf
> to do the same.

Thanks for the ideas. I will give these a try. I see libelf is a library
for manipulating ELF -- is there a tool that uses it (like Solaris
pvs(1))?

   Jeremy C. Reed
   http://bsd.reedmedia.net/
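
The section comparison suggested in the quoted reply, as an added example that is not part of the original message or of any tool named in the thread: it hashes selected ELF sections of two builds of a binary and reports which ones differ. Which sections count as relevant and the `build_sample` image are assumptions made here.

```python
import hashlib
import struct

# Assumption: "relevant" means code and initialised data; .comment, debug info etc. are skipped.
RELEVANT = (".text", ".rodata", ".data")

def section_digests(blob, wanted=RELEVANT):
    """Map each wanted section name to the SHA-256 of its file contents."""
    if blob[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    end = "<" if blob[5] == 1 else ">"            # EI_DATA: 1 = little-endian
    # EI_CLASS 2 = ELF64, otherwise ELF32: e_shoff format and offset, section header format
    off_fmt, off_at, sh_fmt = ("Q", 0x28, "IIQQQQ") if blob[4] == 2 else ("I", 0x20, "IIIIII")
    shoff, = struct.unpack_from(end + off_fmt, blob, off_at)
    # e_shentsize, e_shnum, e_shstrndx sit 10 bytes past the end of e_shoff
    counts_at = off_at + struct.calcsize(off_fmt) + 10
    shentsize, shnum, shstrndx = struct.unpack_from(end + "HHH", blob, counts_at)
    def header(i):                                # (sh_name, sh_type, sh_offset, sh_size)
        name, typ, _, _, off, size = struct.unpack_from(end + sh_fmt, blob, shoff + i * shentsize)
        return name, typ, off, size
    _, _, stroff, strsize = header(shstrndx)
    strtab = blob[stroff:stroff + strsize]
    digests = {}
    for i in range(shnum):
        name_off, typ, off, size = header(i)
        name = strtab[name_off:strtab.index(b"\0", name_off)].decode("latin-1")
        if name in wanted and typ != 8:           # 8 = SHT_NOBITS, no bytes in the file
            digests[name] = hashlib.sha256(blob[off:off + size]).hexdigest()
    return digests

def changed_sections(old_blob, new_blob):
    """Relevant sections whose contents differ between two builds of a binary."""
    old, new = section_digests(old_blob), section_digests(new_blob)
    return sorted(n for n in old.keys() | new.keys() if old.get(n) != new.get(n))

def build_sample(text, comment):
    """Constructed minimal ELF64 image used as sample input (not a real binary)."""
    names = b"\0.text\0.comment\0.shstrtab\0"
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 0, 64 + len(text + comment + names), 0, 64, 0, 0, 64, 4, 3)
    def sh(name, typ, off, size):
        return struct.pack("<IIQQQQIIQQ", name, typ, 0, 0, off, size, 0, 0, 1, 0)
    return (ehdr + text + comment + names + sh(0, 0, 0, 0) + sh(1, 1, 64, len(text))
            + sh(7, 1, 64 + len(text), len(comment))
            + sh(16, 3, 64 + len(text) + len(comment), len(names)))

if __name__ == "__main__":
    old = build_sample(b"\x90\x90\xc3", b"build-stamp-A")
    print(changed_sections(old, build_sample(b"\x90\x90\xc3", b"build-stamp-B")))  # same code
    print(changed_sections(old, build_sample(b"\x31\xc0\xc3", b"build-stamp-A")))  # new code
```

A rebuild that only alters an ignored section such as `.comment` compares as unchanged, while a difference in `.text` is reported.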



