Subject: Re: NetBSD Security Advisory 2001-016: unsafe chdir usage in fts(3)
To: NetBSD Security Officer <security-officer@netbsd.org>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-security
Date: 09/06/2001 13:57:57
The instructions here don't (quite?) work.  I'll focus on the 1.5 
version, but I think there are bugs in the others as well.

First, 'patch' says that it can't find the file.  I suspect that I have 
to use -p3.  Second, will that 'make' recompile the entire world, or 
just libc?  I'd guess the former -- shouldn't there be a 'cd lib/libc'
before the make?

Finally -- and this ties in to another thread -- this is no way to run 
an airline.  At least for "supported" systems, it would be nice to have 
a tarball with the recompiled libc plus the static binaries listed 
below.  In fact, it's not just nice, it's essential, since everyone 
with more than one machine will now need to create such tarballs for 
themselves.  (Multiple architectures?  Of course there are multiple 
architectures.  How do you know the code works, or even compiles, on 
those architectures if you haven't tried it?)  I also note that FreeBSD 
has an experimental binary patch facility, and OpenBSD has a cumulative 
tarball with all patches.

>
>* NetBSD 1.5, 1.5.1:
>
>	Systems running NetBSD releases up to and including 1.5.1 should
>	apply the following patch (with potential offset differences):
>		ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2001-016-fts
>-1.5.patch
>
>	To patch, re-build and re-install libc
>		# cd /usr/src
>		# patch < /path/to/SA2001-016-fts.patch
>		# make cleandir dependall install
>
>
>	The following static binaries must also be rebuilt for the fix
>	to be complete:
>		/bin/chmod /bin/cp /bin/ksh /bin/ls /bin/pax /bin/rm
>		/sbin/dump /sbin/dump_lfs



		--Steve Bellovin, http://www.research.att.com/~smb