On Mon, Jun 24, 2013 at 03:36:24PM -0700, Xin Li wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On 06/24/13 15:11, Miroslav Lachman wrote: > [...] > > The patch seems really simple and I know how to apply it, but I am > > not able to compile and install only fixed sftp command instead of > > the whole userland. Can you push me to the right direction? > > I think you can go to /usr/src/secure/usr.bin/sftp and do: > > make depend > make > > Then, as root: > > make install > > I usually do a full world build to make sure that this doesn't break > something else but this change should only affect sftp(1).
I'm going to make this real simple: Is the problem with symlinks in the client (sftp(1)), in the server (sftp-server(8)), or both? The impression I get from the original post that started this thread is that it's in the server part. So, I believe he'd want to poke about in src/secure/libexec/sftp-server. However, that may not be enough, due to the fact that sftp-server(8) depends (links to) libssh.so.X, libcrypt.so.X, and libcrypto.so.X. I do not know where the actual broken code lies. Someone on -security might know exactly what all needs to be built/what commands need to be run, but I will tell you this up front: The official security announcements for SSL or SSH-related things have historically told people to build world. I went and read the mailing list archives for -security-announcements and found proof/examples of this fact when issues pertain to SSL or SSH. My recommendation is just to build world. Don't risk it -- this is a key piece of your system, all you're trying to do is save some time. Don't. Just build/install world and don't screw around. -- | Jeremy Chadwick j...@koitsu.org | | UNIX Systems Administrator http://jdc.koitsu.org/ | | Making life hard for others since 1977. PGP 4BD6C0CB | _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
