[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] New Sendmail vulnerability :o(
- Subject: Re: [cobalt-security] New Sendmail vulnerability :o(
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Mon, 31 Mar 2003 21:56:34 +0100
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Dan,
> Forgive my ignorance... What's an SRPM file?
Some popular Linux distributions use RPM files to install applications. RPM
stands for "RedHat Package Manager" and the Sun Cobalt RaQs use the RPM
mechanism, too.
RPMs are available in two forms: RPMs and SRPMs.
The SRPM contains the sourcecode and patches and a so called "spec" file which
contains instructions on how to compile and how to install the files. An SRPM
doesn't contain any ready to run code. The prepended "S" stands for "Source".
RPMs are built from such SRPMs. The SRPM contends are compiled to match the
architecture of the given system. The resulting RPM files can then be
installed on any server which has the same architecture and the same
software. So any RPM built on a RaQ4 can be installed on any other RaQ4
provided they don't differ that much in regards to Sun Cobalt patches or
third party modifications.
I created the unofficial Sendmail patches by downloading the SRPM files which
Sun Cobalt used to create the Sendmail RPMs. Most of 'em are available on
ftp.cobalt.com and all needed to do was to inmplement the two patches which
the Sendmail Consortium released to counter the recent vulnerabilities.
However, for the RaQ2 there is no recent enough Sendmail SRPM available, so I
couldn't build a patched RPM for the RaQ2.
--
With best regards,
Michael Stauber