Re: Binary security updates
At 19:08 26/12/2002 -0500, Adrian Filipi-Martin wrote:
> On Wed, 25 Dec 2002, Colin Percival wrote:
> > I've put together a basic binary updates tool aimed at people who want
> > to track a security branch without keeping a source tree and
> > recompiling. I have tested this code to the best of my ability -- but
> > since I only have one FreeBSD box (and it's on the other side of the
> > world), that ability is rather limited.
>
> How do you deal with .a-files? They may be identical excepting for
> their table of contents and md5's don't look into the archive.

Assuming that the component object files are the same, .a files will be
identical apart from the timestamps. There happens to be a timestamp for
each object file, which (especially for libc) means an awful lot of
timestamps; but my code happily finds all of them the same way as it deals
with other timestamps.
Files which do not contain any stamps are compared on the basis of their
MD5 hashes; "polymorphic" files (those which contain stamps) are unstamped
and then compared.

> Also did you run into anything with respect to other
> archive/library file types?

Gzipped files need to be ungzipped before looking for / removing stamps,
but those are the only files in the FreeBSD world which I needed to deal
with specially; I can't say if other worlds would be so easily dealt with.
I've been contacted by someone who is testing my code on OpenBSD and
MicroBSD, but I haven't heard any results.
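
The comparison rule described in the reply above (plain MD5 for unstamped files, unstamp-then-compare for archives, ungzip first), as an added Python example that is not part of the original message and is not the tool's own code. The message does not say how the tool locates stamps; this sketch assumes the only stamps are the per-member mtime fields in `ar` headers, and the names `unstamp_ar`, `canonical_md5`, `same_file` and `make_ar` are hypothetical.

```python
import gzip
import hashlib

AR_MAGIC = b"!<arch>\n"
GZIP_MAGIC = b"\x1f\x8b"
HDR_LEN = 60  # name[16] mtime[12] uid[6] gid[6] mode[8] size[10] end[2]

def unstamp_ar(data: bytes) -> bytes:
    """Return the archive with every member header's mtime field set to '0'."""
    out = bytearray(data)
    pos = len(AR_MAGIC)
    while pos < len(out):
        hdr = bytes(out[pos:pos + HDR_LEN])
        if len(hdr) < HDR_LEN or hdr[58:60] != b"`\n":
            raise ValueError(f"bad ar member header at offset {pos}")
        out[pos + 16:pos + 28] = b"0".ljust(12)      # blank the timestamp
        size = int(hdr[48:58].decode("ascii").strip())
        pos += HDR_LEN + size + (size & 1)           # data is padded to even length
    return bytes(out)

def canonical_md5(data: bytes) -> str:
    """MD5 of a file after ungzipping (if gzipped) and unstamping (if an archive)."""
    if data.startswith(GZIP_MAGIC):
        data = gzip.decompress(data)                 # also drops the gzip header mtime
    if data.startswith(AR_MAGIC):
        data = unstamp_ar(data)
    return hashlib.md5(data).hexdigest()

def same_file(a: bytes, b: bytes) -> bool:
    """True when two builds of a file differ at most in their stamps."""
    return canonical_md5(a) == canonical_md5(b)

def make_ar(members, mtime: int) -> bytes:
    """Build a constructed sample archive; every member gets the same mtime."""
    out = bytearray(AR_MAGIC)
    for name, body in members:
        out += b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (
            name + b"/", mtime, 0, 0, b"100644", len(body))
        out += body + (b"\n" if len(body) & 1 else b"")
    return bytes(out)

if __name__ == "__main__":
    objs = [(b"a.o", b"\x7fELF1"), (b"b.o", b"code")]   # constructed object bodies
    old, new = make_ar(objs, 1040000000), make_ar(objs, 1040900000)
    print(old == new, same_file(old, new))              # raw bytes differ, content matches
```
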