Subject: Fixed syslog(3) binaries for 1.0
To: None <port-i386@NetBSD.ORG>
From: Curt Sampson <curt@portal.ca>
List: port-i386
Date: 08/31/1995 21:16:03
Below is my announcement of a fixed set of binaries to solve the dreaded
syslog(3) security hole. It's running on one of my machines right now
and everything seems ok. If I've messed anything up, let me know right
away. :-)
cjs
--
Curt Sampson curt@portal.ca Info at http://www.portal.ca/
Internet Portal Services, Inc.
Vancouver, BC (604) 257-9400 De gustibus, aut bene aut nihil.
-----8<------8<-----cut here-----8<-----8<-----
Here's a tarball for NetBSD-1.0/i386 of the libraries and some
statically linked files compiled with a fixed version of syslog(3).
I just grabbed the most recent syslog (August 31st) from NetBSD-current
and plopped it in.
I've compiled a test program, both statically and dynamically
linked, which hands syslog a 3K string. In both cases it ends up
1K long in the syslog files and nothing seems to blow up.
The files included are:
-r--r--r-- bin/bin 453414 Aug 31 20:21 1995 usr/lib/libc.a
-r--r--r-- bin/bin 357959 Aug 31 20:21 1995 usr/lib/libc.so.12.0
-r--r--r-- bin/bin 550750 Aug 31 20:21 1995 usr/lib/libc_p.a
-r--r--r-- bin/bin 525308 Aug 31 20:21 1995 usr/lib/libc_pic.a
-r-xr-xr-x bin/bin 57344 Aug 31 20:20 1995 bin/date
-r-xr-xr-x bin/bin 110592 Aug 31 20:48 1995 sbin/halt
-r-x------ bin/bin 122880 Aug 31 20:48 1995 sbin/init
-r-xr-xr-x bin/bin 94208 Aug 31 20:48 1995 sbin/mount_nfs
-r-xr-xr-x bin/bin 143360 Aug 31 20:48 1995 sbin/mount_portal
-r-xr-xr-x bin/bin 163840 Aug 31 20:48 1995 sbin/mountd
-r-xr-xr-x bin/bin 73728 Aug 31 20:48 1995 sbin/newfs
-r-xr-xr-x bin/bin 61440 Aug 31 20:48 1995 sbin/nfsd
-r-xr-xr-x bin/bin 49152 Aug 31 20:48 1995 sbin/nfsiod
-r-xr-xr-x bin/bin 110592 Aug 31 20:48 1995 sbin/reboot
-r-xr-xr-x bin/bin 106496 Aug 31 20:48 1995 sbin/routed
-r-xr-xr-x bin/bin 61440 Aug 31 20:48 1995 sbin/savecore
-r-sr-x--- root/operator 114688 Aug 31 20:48 1995 sbin/shutdown
You'll note that from /sbin I've removed dmesg and added halt, as
compared to the list that Robert Dobbs posted. (Dmesg has the word
"syslog" in it, but it's in a comment, so I thought that it probably
wasn't too dangerous. :-)) From a look at some of these programs
I should think that they couldn't cause problems because they can't
generate syslog messages long enough (or from user input), but I
was too lazy to go through them properly so I just recompiled them
all.
You can get syslog_pkg.1.0.tar.gz from ftp.portal.ca in /pub/unix/NetBSD.
I've also put a copy in /pub/incoming on ftp.netbsd.org. The MD5
hash of the archive is:
MD5 (syslog_pkg.1.0.tar.gz) = 01665c0b9c4343713cdb5b72747e4ae4
Curt Sampson <curt@portal.ca>
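The 3K-string test described in the post, as an added example that is not Curt's test program or NetBSD's syslog(3) source: a bounded formatter using vsnprintf, with MAXLINE assumed to be 1024 (matching the "ends up 1K long" observation), plus a check that a 3K message is kept at 1K instead of overrunning the buffer.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#define MAXLINE 1024   /* assumed: the post reports a 3K message "ends up 1K long" */

/* Bounded formatter. vsnprintf never writes past buf[size-1] and always
 * NUL-terminates, unlike an unbounded sprintf into a fixed stack buffer.
 * Returns 1 if the message was cut to fit, 0 if not, -1 on format error. */
int format_log_line(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0) return -1;
    return (size_t)n >= size;   /* n is the length the full message would need */
}

/* Small check of the truncation contract: 10 chars into an 8-byte buffer
 * must be flagged as cut and leave exactly the first 7 chars plus the NUL. */
int small_buffer_check(void)
{
    char small[8];
    int cut = format_log_line(small, sizeof small, "%s", "0123456789");
    return cut == 1 && strcmp(small, "0123456") == 0;
}

/* The post's test: a 3K string (constructed here) handed to the logger.
 * Returns the number of bytes kept after bounding to MAXLINE; optionally
 * also sends it to the real syslog(3) so the log line can be inspected. */
size_t log_long_message(int send_to_syslog)
{
    char big[3 * 1024 + 1];
    char line[MAXLINE];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    format_log_line(line, sizeof line, "%s", big);
    if (send_to_syslog) {
        openlog("syslogtest", LOG_PID, LOG_USER);
        syslog(LOG_INFO, "%s", big);
        closelog();
    }
    return strlen(line);
}
```

Calling log_long_message(1) on a machine with a fixed libc should leave a 1K line in the syslog files and nothing else; on the old libc the same 3K argument is what blew the buffer.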