[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: libc (again)

Ian Murdock writes:

>On the one hand, if we release Debian 0.93 with libc 4.6.27, we are
>releasing a system with an exploitable and (now) well-known security
>hole.  On the other hand, if we release Debian 0.93 with libc 4.7.4,
>we are releasing a system with a new and unreleased (!) library that
>cannot compile Motif programs and that has seen little practical use.
>What in the world should we do about this!?!  Any ideas?

How much effort would it be to patch libc 4.6.27?  I assume from the
fact that you haven't just done it that it isn't trivial.  Is a patch
available anywhere or is everybody supposed to live on the bleeding
edge of 4.7.4 these days?

I'm downloading the Debianised source for 4.6.27-5 now, but I've not
even looked at the libc source before so don't expect too much from

>I do have good news: Richard Stallman told me last week that GNU libc
>has just been ported to Linux.  I suggest we start using that as soon
>as we change to ELF.

If it's `just' been ported is it any more stable than 4.7.4?  (I
have never used 4.7.4, I have only hearsay to go on.)

Richard Kettlewell                 <URL:http://www.elmail.co.uk/staff/richard/>
Home+work: <richard@elmail.co.uk>
Home only: <richard@sfere.elmail.co.uk>

Reply to: