Subject: security/7410: recursive "make UPDATE= build"'s install wrong binaries
To: None <gnats-bugs@gnats.netbsd.org>
From: Frederick Bruckman <fb@enteract.com>
List: netbsd-bugs
Date: 04/17/1999 12:20:54
>Number: 7410
>Category: security
>Synopsis: recursive "make UPDATE= build"'s install wrong binaries
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: security-officer (NetBSD Security Officer)
>State: open
>Class: support
>Submitter-Id: net
>Arrival-Date: Sat Apr 17 12:20:00 1999
>Last-Modified:
>Originator: Frederick Bruckman
>Organization:
>Release: Sat Apr 16, 1999
>Environment:
System: NetBSD corwin.home 1.4_ALPHA NetBSD 1.4_ALPHA (CORWIN) #19:
Fri Apr 16 10:08:02 CDT 1999 root@:
/usr/src/sys/arch/mac68k/compile/CORWIN mac68k
>Description:
`make UPDATE= build', fails to install the domestic versions of
init, ed, telnetd, and libcrypt, libntp, and libtelnet after the
third try or so. Here's why. Consider "init". The first time
through, on a fully populated tree, every program is linked
against the new libs, so "install -p ..." in the exportable tree
permits the newer, domestic binary to be installed. After a few
passes, the exportable version gets re-linked against the new
libcrypt, but the domestic is already, so the UPDATE= causes
the latest "init", the exportable, to predominiate.
Needless to say, this makes UPDATE= practically useless for
the purpose of, say, applying security patches to an existing,
fully populated, source tree.
>How-To-Repeat:
Run `make UPDATE= build' repeatedly on a source tree that
includes the domestic sources. Notice that you end up installing
the exportable versions of init and others after some number of
times.
>Fix:
What's needed is to include a dependency, in the domestic
makefile, on the exportable binary for all programs subject to
this problem. The patches below introduce a flag in the domestic
build directory which tracks the modification time of the
exportable target. There are only two examples here, one for a
program and and one for a library. The others cases should respond
easily to similar treatment.
--- /usr/src/domestic/sbin/init/Makefile.orig Tue Jan 13 06:22:01 1998
+++ /usr/src/domestic/sbin/init/Makefile Sat Apr 17 11:42:43 1999
@@ -3,6 +3,7 @@
PROG= init
NOMAN=
+DPSRCS= EXPORT_CHECK
DPADD= ${LIBUTIL}
LDADD= -lutil
BINMODE=544
@@ -16,5 +17,15 @@
LDADD+= ${CRYPTLIBDIR}/libcrypt.a
DPADD+= ${CRYPTLIBDIR}/libcrypt.a
+
+EXPORT_SRC=${.CURDIR}/../../../sbin/init
+.BEGIN:
+ @if [ -f ${EXPORT_SRC}/${PROG} ] ; then \
+ touch -r ${EXPORT_SRC}/${PROG} EXPORT_CHECK ; \
+ elif [ -f ${EXPORT_SRC}/obj/${PROG} ] ; then \
+ touch -r ${EXPORT_SRC}/obj/${PROG} EXPORT_CHECK ; \
+ elif [ ! -f EXPORT_CHECK ] ; then \
+ touch EXPORT_CHECK ; \
+ fi
.include <bsd.prog.mk>
--- /usr/src/domestic/lib/libntp/Makefile.orig Sat Sep 12 06:04:22 1998
+++ /usr/src/domestic/lib/libntp/Makefile Sat Apr 17 10:52:06 1999
@@ -13,9 +13,20 @@
auth12crypt.c atouint.c atolfp.c atoint.c adjtime.c a_md5encrypt.c \
a_md5decrypt.c a_md512crypt.c
SRCS += version.c
+DPSRCS += COMMON_CHECK
CPPFLAGS+=-DHAVE_CONFIG_H -I${.CURDIR}/../../../usr.sbin/xntp/include
.PATH.c: ${.CURDIR}/../../../lib/libntp
.PATH.h: ${.CURDIR}/../../../lib/libntp
+
+COMMON_DIR= ${.CURDIR}/../../../lib/libntp
+.BEGIN:
+ @if [ ! -f COMMON_CHECK ] ; \
+ then \
+ touch COMMON_CHECK ; \
+ elif [ `find ${COMMON_DIR} -follow -name "libntp*" -newer COMMON_CHECK -type f` ] ; \
+ then \
+ touch COMMON_CHECK ; \
+ fi
.include <bsd.lib.mk>
>Audit-Trail:
>Unformatted: