what actually uses xdr_mem.c?

D J Hawkey Jr hawkeyd at visi.com
Wed Mar 26 14:15:40 PST 2003


On Mar 26, at 02:47 PM, Uros Juvan wrote:
> 
> Idea is cool, but it just won't work on staticaly linked files, you can 
> test this with:
> 
> # readelf -a /bin/ls

Oh, man!

It seems as though my command requires that a statically-linked binary
has "relocation sections" (whatever they are), at the very least.

> I don't think there is 100% way of telling whether staticaly linked file 
> is linked against vulnerable xdr_mem.o, especially because obviously 
> rcsid string is undefined in source file.
> Exept of course searching for machine bytes composing vulnerable code :)

It appears that you're correct. Bummer for me, as I've put out that
command a couple of times now. I _hate_ looking stupid in public,
especially when I think I've done something really smart.  :-(

> Regards,
> Uros Juvan

Thanks for hitting me with the Clue Stick. I'll shut up now.
Dave

-- 
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd at visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/



More information about the freebsd-security mailing list