Opened on 04/26/12 at 13:28:40
Closed on 08/14/17 at 00:37:03
#2058 closed defect (wontfix)
RPC library audit required
Reported by: | Sebastian Huber | Owned by: | Eric Norum |
---|---|---|---|
Priority: | low | Milestone: | 4.11.2 |
Component: | network/legacy | Version: | 4.11 |
Severity: | critical | Keywords: | |
Cc: | ralf.corsepius@… | Blocked By: | |
Blocking: |
Description (last modified by Sebastian Huber)
The RPC library needs an audit to verify that it is up to data. Some security problems existed in the SUN implementation, e.g
http://www.cert.org/advisories/CA-2003-10.html
Maybe it makes sense to use the recent FreeBSD or OpenBSD version.
Change History (5)
comment:1 Changed on 04/26/12 at 13:37:54 by Ralf Corsepius
Cc: | Ralf Corsepius added |
---|
comment:2 Changed on 04/27/12 at 07:07:45 by Sebastian Huber
comment:3 Changed on 11/24/14 at 18:58:28 by Gedare Bloom
Version: | HEAD → 4.11 |
---|
Replace Version=HEAD with Version=4.11 for the tickets with Milestone >= 4.11
comment:4 Changed on 12/18/14 at 11:13:38 by Sebastian Huber
Description: | modified (diff) |
---|---|
Milestone: | 4.11 → 5.0 |
Priority: | normal → low |
Severity: | normal → critical |
comment:5 Changed on 08/14/17 at 00:37:03 by Chris Johns
Milestone: | 5.0 → 4.11.2 |
---|---|
Resolution: | → wontfix |
Status: | new → closed |
This will not be fixed in the legacy stack. Use the newer libbsd stack.
Note: See
TracTickets for help on using
tickets.
Ok, maybe its worth to use the Newlib RPC version. Another option is to look at the 16-bit changes and merge them into the current FreeBSD or OpenBSD version. The cited problem is probably not the only one.