Re: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-02:40.kadmind

From: KIMURA Yasuhiro (yasu@utahime.org)
Date: 11/18/02 

Date: Mon, 18 Nov 2002 10:22:18 +0900 (JST)
To: freebsd-security@freebsd.org
From: KIMURA Yasuhiro <yasu@utahime.org>

>>>>> FreeBSD Security Advisories <security-advisories@FreeBSD.org> wrote:

> V. Solution
(snip)
> 2) To patch your present system:
(snip)
> b) Execute the following commands as root:
> # cd /usr/src
> # patch < /path/to/patch
> # cd /usr/src/kerberos5/libexec/k5admind
> # make depend && make all install
> # cd /usr/src/kerberosIV/usr.sbin/kadmind
> # make depend && make all install

I tried instructions above on my 4.7-RELEASE pc and failed to build
k5admind and kandmind.

sugar# cd /usr/src/kerberos5/libexec/k5admind/
sugar# make depend && make all install
mkdir kadm5
cp /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/kadm5/private.h kadm5/private.h
cp /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/kadm5/admin.h kadm5/admin.h
test -e /usr/src/kerberos5/libexec/k5admind/kadm5_err.et || ln -sf /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/kadm5/kadm5_err.et
compile_et kadm5_err.et
cd /usr/src/kerberos5/libexec/k5admind/kadm5 && ln -sf ../kadm5_err.h
rm -f .depend
mkdep -f .depend -a -I/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/include -I/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/roken -I/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/krb5 -I/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/asn1 -I/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/hdb -I/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/sl -I/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/kadm5 -I/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin -I/usr/src/kerberos5/libexec/k5admind/../../lib/libasn1 -I/usr/src/kerberos5/libexec/k5admind/../../lib/libhdb -I/usr/src/kerberos5/libexec/k5admind -I/usr/src/kerberos5/libexec/k5admind/../../include -DHAVE_CONFIG_H -DKRB5_KRB4_COMPAT -DKRB4 -DINET6 /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmind.c /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/server.
 c /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadm_conn.c /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/version4.c
In file included from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmin_locl.h:92,
                 from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmind.c:34:
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/hdb/hdb.h:39: hdb_err.h: No such file or directory
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/hdb/hdb.h:41: hdb_asn1.h: No such file or directory
In file included from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmind.c:34:
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmin_locl.h:93: hdb_err.h: No such file or directory
In file included from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmin_locl.h:92,
                 from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/server.c:34:
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/hdb/hdb.h:39: hdb_err.h: No such file or directory
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/hdb/hdb.h:41: hdb_asn1.h: No such file or directory
In file included from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/server.c:34:
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmin_locl.h:93: hdb_err.h: No such file or directory
In file included from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmin_locl.h:92,
                 from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadm_conn.c:34:
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/hdb/hdb.h:39: hdb_err.h: No such file or directory
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/hdb/hdb.h:41: hdb_asn1.h: No such file or directory
In file included from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadm_conn.c:34:
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmin_locl.h:93: hdb_err.h: No such file or directory
In file included from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmin_locl.h:92,
                 from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/version4.c:33:
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/hdb/hdb.h:39: hdb_err.h: No such file or directory
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/hdb/hdb.h:41: hdb_asn1.h: No such file or directory
In file included from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/version4.c:33:
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmin_locl.h:93: hdb_err.h: No such file or directory
mkdep: compile failed
*** Error code 1

Stop in /usr/src/kerberos5/libexec/k5admind.
sugar# cd /usr/src/kerberosIV/usr.sbin/kadmind/
sugar# make depend && make all install
rm -f .depend
mkdep -f .depend -a -I/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/include -I/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/lib/roken -I/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/lib/sl -I/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/lib/acl -I/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/lib/kadm -I/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/lib/kdb -I/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/lib/krb -I/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin -I/usr/src/kerberosIV/usr.sbin/kadmind/../../lib/libkadm -I/usr/src/kerberosIV/usr.sbin/kadmind/../../lib/libkrb -I/usr/src/kerberosIV/usr.sbin/kadmind/../include -I/usr/src/kerberosIV/usr.sbin/kadmind/../../include -DHAVE_CONFIG_H -I/usr/src/kerberosIV/usr.sbin/kadmind/../../include -DBINDIR=\"/usr/bin\" -DSBINDIR=\"/usr/sbin\" -DLIBEXECDIR=\"/usr/libexec\" /usr/src/ker
 berosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_server.c /usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_funcs.c /usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/admin_server.c /usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_ser_wrap.c /usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/pw_check.c
In file included from /usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_server.c:26:
/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_locl.h:38: protos.h: No such file or directory
In file included from /usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_funcs.c:31:
/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_locl.h:38: protos.h: No such file or directory
In file included from /usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/admin_server.c:31:
/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_locl.h:38: protos.h: No such file or directory
In file included from /usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_ser_wrap.c:31:
/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_locl.h:38: protos.h: No such file or directory
In file included from /usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/pw_check.c:34:
/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_locl.h:38: protos.h: No such file or directory
mkdep: compile failed
*** Error code 1

Stop in /usr/src/kerberosIV/usr.sbin/kadmind.
sugar#

Are there anything else that I should do to patch my 4.7R system?

And one more question. This adovisary says:

> The k5admind server is installed as part of the `krb5' distribution,
> or when building from source with MAKE_KERBEROS5 set. The kadmind
> server is installed as part of the `krb4' distribution, or when
> building from source with MAKE_KERBEROS4 set. Neither is installed by
> default.

But both k5admind and kadmind are installed on my 4.7R systems.

sugar# ls -l /usr/sbin/kadmind
-r-xr-xr-x 1 root wheel 21808 Oct 9 21:51 /usr/sbin/kadmind
sugar# ls -l /usr/libexec/k5admind
-r-xr-xr-x 1 root wheel 19704 Oct 9 21:55 /usr/libexec/k5admind
sugar#

I selected "X-Developer" when I install these systems. Isn't it the
"default installation" describled above? 

---
KIMURA Yasuhiro
Mail: yasu@utahime.org
WWW:  http://www.utahime.org/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Relevant Pages

  • Re: TCPIP5.4 patch 5 problem
    ... Seem to me that it would be a trivial matter for the patch to produce message ... then PRODUCT INSTALL TCPIP and then PRODUCT ... TCPIP V5.4 is not supported on OpenVMS Alpha V7.3 ...
    (comp.os.vms)
  • Whats up with patch 119728-01 for Solaris 10?
    ... every time I run 'smpatch update' on Solaris 10 machines, ... Failed to install the patch. ...
    (comp.unix.solaris)
  • Re: Cant Install Perl as Non-Root
    ... So how do I patch Dynaloader? ... Apply this patch with patch -p0 <cwd.patch from in the perl source ... install XS modules sucessfully, and make sure you don't upgrade ...
    (comp.lang.perl.misc)
  • Re: KB835732 Nightmare
    ... How can I find out when they issue a patch if it will bite me ... Don't install new patches immediately. ...
    (microsoft.public.win2000.windows_update)
  • Re: uplcom write:Device not configured
    ... I haven't seen this problem, on 7.x install on the same machine, ... I did not try your patch. ... Also try to use an external USB HUB. ... http://martenvijn.nl/trac/wiki/soas Sugar on a Stick ...
    (freebsd-current)