At 09:24 -0500 1999-02-17, Daniel Martin wrote:
Martin Schulze <joey@finlandia.Infodrom.North.DE> writes:shellutils was not part of the list Richard provided.More to the point, /bin/su links against gettext dynamically: cush:/mirror/JX-1.1.19/ACE/ACE_wrappers/ace$ nm -D /bin/su | grep bind U bindtextdomain
That's exactly why it doesn't appear in the list, because it uses the gettext in libc and is therefore safe.
Therefore, if the shared-library version of gettext is cleansed of (these) buffer overflows, /bin/su will be as well.
That'd be libc, which has been fixed for months. -- Joel Klecker (aka Espy) <URL:http://web.espy.org/> <URL:mailto:jk@espy.org> <URL:mailto:espy@debian.org> Debian GNU/Linux PowerPC -- <URL:http://www.debian.org/ports/powerpc/>