On Thu, 2002-10-03 at 02:24, Gerald Waugh wrote: > <off-list> > I want to buy a raq550, where did you get yours? > </off-list>
Yesterday I installed 550 software on a raq3, and there are good news and bad news, and both are on-topic on this list ;) The good news is that the system comes with openssl package installed, and everything is linked *dynamically* against openssl shared libraries. "Everything" is ssh (it comes with the system), mod_ssl, wget, and possibly some other utilities. The bad news is that openssl is ancient, and that shared libraries use soversion 1. Because native openssl distribution use soversion 0, and recent redhat RPMs - soversion 2, there is no straight way to upgrade. You will have to either create symlinks by hand in /usr/lib and pray that ldconfig does not break them on the next run, or tweak SRMP spec file and soversion patch. Also, ssh insists on specific openssl library version and will not work if you replace shared library with a newer version. This is less of a problem because you will want to reinstall openssh anyway: shipped version is 2.9.something :-( Of course some of the recent openssl bugs *may* be non-exploitable on a '550 due to it's stack overflow prevention hacks, but I would not bet on that... and bringing it up to date looks even harder than older raq's. On a bright side, the system apparently comes with a stack overflow protection hack (non-executable stack patch? Don't know exectly) and some intrusion detection thing based on IP traffic analysis. Another observation (offtopic): '550 web interface is even more fragile than that of older products. Once you switch to another tab in your browser and then come back, you find yourself on the section entry screen instead of the screen that you left. May be a browser bug but IMO good web interface should not rely on such subtleties. Eugene P.S. If you try to do the same as I did, don't forget that you'd most certainly need to reprogram flash bios. _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
