Subject: Re: Dynamically Linked NetBSD-Current
To: None <current-users@netbsd.org>
From: David Laight <david@l8s.co.uk>
List: current-users
Date: 12/14/2002 10:42:06
On Fri, Dec 13, 2002 at 10:22:34PM -0500, Dan Melomedman wrote:
> > Another thing that I remember about that OpenBSD security advisory
> > (and this was a while ago now) was that, at least initially, they told
> > you to recompile the effected statically linked binaries but they
> > didn't mention which ones were actually effected. This was why I
> > immediately perked up when I heard about this.
> 
> Probably because they were too lazy to find what was affected in the
> distribution.

It is all too hard!  How would you know which bits installed from
pkgsrc used the 'broken' function.

Reminds me of trying to track down the final program that had the
broken version of the utmp update routines linked to it.
This was a commercial unix and the offending program could have
come from a 3rd party.

	David

-- 
David Laight: david@l8s.co.uk