Re: libc (again)
From: andrew@kryten.it.com.au (Andrew Howell)
Date: Wed, 13 Sep 1995 00:32:18 +0800 (WST)
> On the one hand, if we release Debian 0.93 with libc 4.6.27, we are
> releasing a system with an exploitable and (now) well-known security
> hole. On the other hand, if we release Debian 0.93 with libc 4.7.4,
> we are releasing a system with a new and unreleased (!) library that
> cannot compile Motif programs and that has seen little practical use.
>
> What in the world should we do about this!?! Any ideas?
Like it's been suggested before, try and patch 4.6.27 to fix the
security hole.
I'm afraid I don't have time to do this. Would anyone be interested
in looking at this possiblity? I've been told its impossible, but I
don't see why it would be.
> I do have good news: Richard Stallman told me last week that GNU libc
> has just been ported to Linux. I suggest we start using that as soon
> as we change to ELF.
>From what I read on linux-gcc it's just been done and not guaranteed
to be working, certainly I would be worried about using something that
has just been ported when it's a C library.
Right--we can't use it *now*, anyway, because it doesn't support a.out.
Reply to: