2002-Oct-02

I moved all the files under my DESTDIR and tried to rebuild with the build.sh -u switch, but it failed.

A complete build again took 80 minutes.

After updating one libkvm file (to make a binary update), the update took less than eight minutes: "time ./build.sh -u -U -D /home/src/netbsd-1.6".

Learning more about pax's mtree capability. It must have each directory defined ahead of time, or you'll get a "No such file or directory" error. For example:

reed@www:/home/src/netbsd-1.6$ pax -w -z -M > ~/files.tar.gz
. type=dir optional
./usr type=dir optional
./usr/lib type=dir optional
./usr/lib/libkvm.a type=file mode=0444 uname=root gname=wheel time=1033580422.50000
reed@www:/home/src/netbsd-1.6$ tar tvzf ~/files.tar.gz
-r--r--r-- root/wheel    24376 Oct  2 10:40 2002 ./usr/lib/libkvm.a

Also, if you don't use "optional" then it will create those directories in the tar file too.

sendmail's smrsh has a security hole:

reed@www:~/binary-update$ echo "echo unauthorized execute" > /tmp/unauth
reed@www:~/binary-update$ /usr/libexec/smrsh -c ". || . /tmp/unauth || ."
/usr/libexec/sm.bin/.: permission denied
unauthorized execute

After the patch (partially based on http://www.sendmail.org/patches/smrsh-20020924.patch):

reed@www:~/binary-update$ ~src/netbsd-1.6/usr/libexec/smrsh -c ". || . /tmp/unauth || ."
/home/src/netbsd-1.6/usr/libexec/smrsh: . not available for sendmail programs (not a file)

It also has another vulnerability:

$ /usr/libexec/smrsh -c "././ /bin/hostname"
www.kibservices.net

But fixed too:

$ /usr/libexec/smrsh -c "././ /bin/hostname"
/usr/libexec/smrsh:  not available for sendmail programs (not a file)

My send-pr for smrsh is: security/18516. (Next day, this was done for 1.5 and 1.6, but not pkgsrc yet. Closed later on.)
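
The "(not a file)" rejections above correspond to a check along these lines. This is an added C sketch, not sendmail's code and not the patch linked above; the name check_cmd, its result codes and the demo directory are assumptions, and it looks only at the first command word of a line.

```c
/* Added example, not sendmail's code: check_cmd() and its result codes
 * are hypothetical names used only for this illustration. */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum { CMD_OK, CMD_MISSING, CMD_NOT_FILE, CMD_TOO_LONG };

/* Take the first word of `line`, keep only its last path component, look
 * that name up under `cmddir`, and accept it only if it is a regular file.
 * stat() follows symlinks, so a link to a program is still accepted. */
int check_cmd(const char *cmddir, const char *line, char *path, size_t len)
{
    struct stat st;
    size_t n = strcspn(line, " \t"), b = n;   /* n: length of first word */

    while (b > 0 && line[b - 1] != '/')       /* b: start of last component */
        b--;                                  /* "././" leaves it empty */
    if ((size_t)snprintf(path, len, "%s/%.*s", cmddir, (int)(n - b), line + b) >= len)
        return CMD_TOO_LONG;
    if (stat(path, &st) < 0)
        return CMD_MISSING;
    if (!S_ISREG(st.st_mode))                 /* ".", ".." and "" are directories */
        return CMD_NOT_FILE;
    return CMD_OK;
}

int main(void)
{
    /* Constructed demo: a throwaway directory holding one permitted program. */
    const char *lines[] = { ". || . /tmp/unauth || .", "././ /bin/hostname",
                            "vacation -a x", "hostname" };
    char dir[64], prog[128], path[512];
    FILE *f;
    size_t i;

    snprintf(dir, sizeof(dir), "/tmp/smbin-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) < 0)
        return 1;
    snprintf(prog, sizeof(prog), "%s/vacation", dir);
    if ((f = fopen(prog, "w")) != NULL)
        fclose(f);
    for (i = 0; i < sizeof(lines) / sizeof(lines[0]); i++)
        printf("%-26s -> %d\n", lines[i], check_cmd(dir, lines[i], path, sizeof(path)));
    unlink(prog);
    rmdir(dir);
    return 0;
}
```

Both command lines from the sessions above come back as CMD_NOT_FILE, because "." and the empty name left after stripping "././" resolve to the command directory itself.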