Re: libc (again)
Ian Murdock writes:
>
> I'm completely at a loss as to what to do about libc. It's too bad
> the consequences weren't considered when the powers that be made the
> decision to release ELF libc without first releasing a stable a.out
> libc. Because of this lack of foresight on their part, we're really
> in a pickle.
>
> On the one hand, if we release Debian 0.93 with libc 4.6.27, we are
> releasing a system with an exploitable and (now) well-known security
> hole. On the other hand, if we release Debian 0.93 with libc 4.7.4,
> we are releasing a system with a new and unreleased (!) library that
> cannot compile Motif programs and that has seen little practical use.
>
> What in the world should we do about this!?! Any ideas?
Like it's been suggested before, try and patch 4.6.27 to fix the
security hole.
> I do have good news: Richard Stallman told me last week that GNU libc
> has just been ported to Linux. I suggest we start using that as soon
> as we change to ELF.
>From what I read on linux-gcc it's just been done and not guaranteed
to be working, certainly I would be worried about using something that
has just been ported when it's a C library.
Andrew
-----------------------------------------------------------------------
Dehydration - 34%, Recollection of previous evening - 2%, embarrassment
factor - 91%. Advise repair schedule:- off line for 36 hours, re-boot
startup disk, and replace head - wow, what a night!
-- Kryten in Red Dwarf `The Last Day'
Andrew Howell andrew@it.com.au
Perth, Western Australia howellaa@cs.curtin.edu.au
Reply to: