Re: Binary security updates

At 19:08 26/12/2002 -0500, Adrian Filipi-Martin wrote:
On Wed, 25 Dec 2002, Colin Percival wrote:
>    I've put together a basic binary updates tool aimed at people who want
> to track a security branch without keeping a source tree and
> recompiling.  I have tested this code to the best of my ability -- but
> since I only have one FreeBSD box (and it's on the other side of the
> world), that ability is rather limited.

        How do you deal with .a-files?  They may be identical excepting for
their table of contents and md5's don't look into the archive.

Assuming that the component object files are the same, .a files will be identical apart from the timestamps. There happens to be a timestamp for each object file, which (especially for libc) means an awful lot of timestamps; but my code happily finds all of them the same way as it deals with other timestamps. Files which do not contain any stamps are compared on the basis of their MD5 hashes; "polymorphic" files (those which contain stamps) are unstamped and then compared.

        Also did you run into anything with respect to other
archive/library file types?

Gzipped files need to be ungzipped before looking for / removing stamps, but those are the only files in the FreeBSD world which I needed to deal with specially; I can't say if other worlds would be so easily dealt with. I've been contacted by someone who is testing my code on OpenBSD and MicroBSD, but I haven't heard any results.

Colin Percival

To Unsubscribe: send mail to majordomo@xxxxxxxxxxx
with "unsubscribe freebsd-binup" in the body of the message
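
The comparison discussed in this thread, as an added example (not Colin Percival's tool and not code from the post): it parses the ar member headers explicitly to blank each per-object timestamp, ungzips first where needed, and hashes the result. The function names, the constructed sample archives and the use of SHA-256 in place of the post's MD5 are assumptions of the example.

```python
import gzip
import hashlib

AR_MAGIC = b"!<arch>\n"
GZIP_MAGIC = b"\x1f\x8b"

def unstamp_ar(data: bytes) -> bytes:
    """Return the archive with every member's mtime field set to 0."""
    out, pos = bytearray(data), len(AR_MAGIC)
    while pos < len(data):
        header = data[pos:pos + 60]
        if len(header) < 60 or header[58:60] != b"`\n":
            raise ValueError(f"bad ar member header at offset {pos}")
        out[pos + 16:pos + 28] = b"0".ljust(12)   # mtime: 12 ASCII bytes
        size = int(header[48:58].decode("ascii").strip())
        pos += 60 + size + (size & 1)             # data is padded to even length
    return bytes(out)

def normalize(data: bytes) -> bytes:
    """Ungzip if needed, then strip ar timestamps if it is an archive."""
    if data.startswith(GZIP_MAGIC):
        data = gzip.decompress(data)
    if data.startswith(AR_MAGIC):
        data = unstamp_ar(data)
    return data

def same_content(a: bytes, b: bytes) -> bool:
    """Compare two files by the hash of their unstamped contents."""
    return (hashlib.sha256(normalize(a)).digest()
            == hashlib.sha256(normalize(b)).digest())

def make_ar(members: dict, mtime: int) -> bytes:
    """Constructed sample input: a minimal ar archive, all members sharing mtime."""
    blob = bytearray(AR_MAGIC)
    for name, body in members.items():
        blob += b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (
            name.encode() + b"/", mtime, 0, 0, b"100644", len(body))
        blob += body + (b"\n" if len(body) & 1 else b"")
    return bytes(blob)

if __name__ == "__main__":
    objs = {"a.o": b"\x7fELF-one", "b.o": b"\x7fELF-two!"}
    old, new = make_ar(objs, 1040000000), make_ar(objs, 1040900000)
    print(old == new, same_content(old, new))                 # False True
    patched = make_ar({**objs, "b.o": b"\x7fELF-fix!"}, 1040900000)
    print(same_content(old, patched))                         # False
    print(same_content(gzip.compress(old), gzip.compress(new, mtime=5)))  # True
```

Two builds of the same objects differ byte-for-byte only in the header timestamps, so a raw hash flags every library as changed while the unstamped hash flags only the archive whose member actually changed.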