Re: List of bugs that *must* be fixed before releasing Slink
- To: Richard Braakman <dark@xs4all.nl>
- Cc: Joey Hess <joey@kitenet.net>, debian-devel@lists.debian.org, debian-qa@lists.debian.org, debian-testing@lists.debian.org
- Subject: Re: List of bugs that *must* be fixed before releasing Slink
- From: Ben Collins <bmc@visi.net>
- Date: Mon, 1 Feb 1999 08:02:06 -0500
- Message-id: <[🔎] 19990201080206.L14190@visi.net>
- Mail-followup-to: Richard Braakman <dark@xs4all.nl>, Joey Hess <joey@kitenet.net>, debian-devel@lists.debian.org, debian-qa@lists.debian.org, debian-testing@lists.debian.org
- In-reply-to: <[🔎] E107HAV-0008B1-00@night>; from Richard Braakman on Mon, Feb 01, 1999 at 12:05:27PM +0100
- References: <[🔎] 19990131224422.R530@kitenet.net> <[🔎] E107HAV-0008B1-00@night>
On Mon, Feb 01, 1999 at 12:05:27PM +0100, Richard Braakman wrote:
> Joey Hess wrote:
> > Wichert Akkerman wrote:
> > > > general 28850 gettext: security problem when used in setuid programs [0] (debian-devel@lists.debian.org)
> > >
> > > Everyone who has a package with a setuid program or something that runs
> > > as root should check if it uses gettext, and if so recompile it with
> > > the latest gettext installed. Please not that this is not necessary for
> > > programs that use the gettext from libc6.
> >
> > Could a lintian check be written to check for this, perhaps?
>
> Not that I can think of. How can I check if a binary is linked statically
> to gettext? The binaries are stripped, so I don't have symbol information.
What about some strings output?
--
----- -- - -------- --------- ---- ------- ----- - - --- --------
Ben Collins <b.m.collins@larc.nasa.gov> Debian GNU/Linux
UnixGroup Admin - Jordan Systems Inc. bcollins@debian.org
------ -- ----- - - ------- ------- -- The Choice of the GNU Generation
Reply to: