[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: libc (again)

   From: andrew@kryten.it.com.au (Andrew Howell)
   Date: Wed, 13 Sep 1995 00:32:18 +0800 (WST)

   > On the one hand, if we release Debian 0.93 with libc 4.6.27, we are
   > releasing a system with an exploitable and (now) well-known security
   > hole.  On the other hand, if we release Debian 0.93 with libc 4.7.4,
   > we are releasing a system with a new and unreleased (!) library that
   > cannot compile Motif programs and that has seen little practical use.
   > What in the world should we do about this!?!  Any ideas?

   Like it's been suggested before, try and patch 4.6.27 to fix the
   security hole.

I'm afraid I don't have time to do this.  Would anyone be interested
in looking at this possiblity?  I've been told its impossible, but I
don't see why it would be.

   > I do have good news: Richard Stallman told me last week that GNU libc
   > has just been ported to Linux.  I suggest we start using that as soon
   > as we change to ELF.

   >From what I read on linux-gcc it's just been done and not guaranteed
   to be working, certainly I would be worried about using something that
   has just been ported when it's a C library.

Right--we can't use it *now*, anyway, because it doesn't support a.out.

Reply to: