'Re: [gentoo-hardened] hardened-gcc mission critical update 1.5'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-hardened
Subject:    Re: [gentoo-hardened] hardened-gcc mission critical update 1.5
From:       Ned Ludd <solar () gentoo ! org>
Date:       2003-08-18 3:07:15
[Download RAW message or body]

[Attachment #2 (multipart/mixed)]


On Sun, 2003-08-17 at 12:03, Alexander Gabert wrote:
[snip]

So after reading this I thought to myself I don't want to update my
entire world again so I wrote a little shell script to search everything
in my path to look for what you said, however interestingly enough I
could not find a single program which had it's .interp section linked to
/lib/ld-2.3.2.so as you described. 
I'm currently using hardened-gcc-1.4 and I assume that this bug is only
present in ~hppa 

Attached is a script I used to try and locate broken packages.

> 
> this is the old behaviour which will bring massive problems when glibc
> is updated:
> 17:56:24 pappy@crusade pappy $ readelf -a /bin/ping | grep -i interp
>   INTERP         0x00a328 0x0000a328 0x0000a328 0x00011 0x00011 R   0x1
>       [Requesting program interpreter: /lib/ld-2.3.2.so]
> 
> the new update-proof behaviour:
> 17:56:29 pappy@crusade pappy $ readelf -a /usr/bin/ssh | grep -i interp
>   INTERP         0x0000f4 0x000000f4 0x000000f4 0x00026 0x00026 R   0x1
>       [Requesting program interpreter: /lib/ld-linux.so.2]
> 
> Remember that on hppa the softlink is not the same but the ebuild will
> take care once hppa is getting another glibc bug fixed concerning %r19.
> 
> Every user of hardened-gcc should emerge the new hardened-gcc and then
> emerge --emptytree --update --verbose world to make sure no single
> program is using the old interpreter link any more.
> 
> this is a "forward bug" warning which will have no effect until the
> glibc and the ld stays the same - but please take care.
> 
> 
> Alex
> 
> 
> 
> --
> gentoo-hardened@gentoo.org mailing list
-- 
Ned Ludd <solar@gentoo.org>
Gentoo Linux Developer (Hardened)

["find_broken_gcc_pkgs.sh" (find_broken_gcc_pkgs.sh)]

cd /

for fpath in `echo $PATH | tr : '\n'  | sort  | uniq` ; do
	if [ -d $fpath -a "$fpath" != "." ] ; then 
        	echo "Searching: $fpath"
        	find $fpath -type f -exec file '{}' \; | grep "ELF" |grep "shared object" | \
cut -d : -f 1 | while read fname; do  broke=`readelf -a $fname | grep "Requesting \
program interpreter:" | cut -d : -f 2 | tr '], ' '\n' | grep -v ^$`  [ "$broke" != \
"/lib/ld-linux.so.2" -a "${broke}" != "" ] && echo "Please reinstall ${fname} : \
${broke}"  done
	fi
done


["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic