On Mon, Mar 04, 2002 at 11:21:35PM -0500, Sam Hartman wrote: > I additionally propose that significant libraries that link against db > be relinked to include the symbol versions. In particual, I propose > that at least libsasl, libnss-db, and libpam be rebuilt. I'm not > actually sure it matters for libpam but it probably couldn't hurt. From what I see, the only PAM module that uses libdb is pam_userdb, and that isn't a module used by default (or even as a most frequent non-default). Still, there's nothing in the way PAM links that would prevent this problem from affecting PAM modules as well, and as you say, it couldn't hurt. > Disadvantages > 1) Symbol versions are somewhat complex to understand However, they are already a part of our distribution, as glibc makes heavy use of them. > 2) Symbol versions only work if you rebuild all the libraries > involved. An unversioned symbol takes precidence over any > versioned symbol . So we are depending on anyone who might > generate a symbol conflicting with DB to version their symbol. We > implicitly also depend on future versions of db to be have > versioned symbols. Of all the available solutions, I believe versioned symbols are the most forward-looking solution and the one that requires the /least/ number of recompiles of existing packages. And as you say, it's the only solution that's likely to work. Looks like a plan... Cheers, Steve Langasek postmodern programmer
Attachment:
pgpwzAIkbCwVH.pgp
Description: PGP signature