In article <Pine.BSO.4.33.0203112131260.11537-100000@brained.org> hologram <holo@brained.org> wrote: >The following is a quick shell script to find suid binaries that are >potentially affected by the zlib vulnability (i.e., those dynamically >linked). > >-[snip]----------------------------------------------------------------- [snip again] I'm more concerned about *statically* linked binaries, since dynamically linked binaries should automagically use the patched libz when it is installed. # find / -type f -print0 |xargs -0 strings -af |grep '\(in\|de\)flate.*\(Gailly\|Adler\)' (Apologies to Gailly and Adler.) Besides the usual suspects (/usr/lib/libz*, etc.) here are some binaries I would consider "sensitive": > /bin/rpm > /sbin/install-info "Never install packages from untrusted sources" > /sbin/sash Understandable, sa == Stand-Alone > lots of stuff under /usr/X11R6/bin - of course > /usr/bin/rpm2cpio > /usr/bin/cvs So anoncvs can "fix" gcc to become like dmr's trusting-trust C compiler? > /usr/bin/rsync > /usr/lib/kaffe/libawt-1.0.6.so > some stuff under /usr/lib/perl5 > /usr/sbin/pppdump Now all you need to do is dial up and send some bogus compressed PPP? Unlimited ISP access? Neat! Bernd Jendrissek
