[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: libc (again)

Ian Murdock writes:
> I'm completely at a loss as to what to do about libc.  It's too bad
> the consequences weren't considered when the powers that be made the
> decision to release ELF libc without first releasing a stable a.out
> libc.  Because of this lack of foresight on their part, we're really
> in a pickle.
> On the one hand, if we release Debian 0.93 with libc 4.6.27, we are
> releasing a system with an exploitable and (now) well-known security
> hole.  On the other hand, if we release Debian 0.93 with libc 4.7.4,
> we are releasing a system with a new and unreleased (!) library that
> cannot compile Motif programs and that has seen little practical use.
> What in the world should we do about this!?!  Any ideas?

Like it's been suggested before, try and patch 4.6.27 to fix the
security hole.

> I do have good news: Richard Stallman told me last week that GNU libc
> has just been ported to Linux.  I suggest we start using that as soon
> as we change to ELF.

>From what I read on linux-gcc it's just been done and not guaranteed
to be working, certainly I would be worried about using something that
has just been ported when it's a C library.


Dehydration - 34%, Recollection of previous evening - 2%, embarrassment
factor - 91%.  Advise repair schedule:- off line for 36 hours, re-boot
startup disk, and replace head - wow, what a night!
                -- Kryten in Red Dwarf `The Last Day'

Andrew Howell				               andrew@it.com.au 
Perth, Western Australia		      howellaa@cs.curtin.edu.au 

Reply to: