Re: libsafe and Debian installation

[Shaya Potter <spotter@cs.columbia.edu>]

On Mon, 2002-04-22 at 12:46, Andrew Suffield wrote:
> On Mon, Apr 22, 2002 at 12:32:54PM -0400, Shaya Potter wrote:
> > Is there any good reason why an install of Debian should not ask the
> > user if they want to install libsafe, and give them reasons why they
> > would want to, and possibly not want to (overhead....)
> 
> Because no version of debian will release with it anytime soon;
> thusly, modifying any existing installer to do this would be
> premature.
> 
> > There are probably some other packages that also provide some real
> > security, in a very easy to do manner that we should give users the
> > option of using.  Just having the package available doesn't make
users
> > aware of it.
> > 
> > wondering what other people think,
> 
>     * #129345: libsafe: breaks libgtk1.3-common postinst
>     * #140144: libsafe: Bypassing libsafe format string protection
> 
> I think it's buggy.

The first bug is a possible problem.  But LD_PRELOAD in general can be
an issue.  i.e. using LD_PRELOAD with libgdkxft causes me serious issues
with building X and using imake (xmkmf) in general.  Because libgdkxft
breaks Imake for me, does that mean its buggy?  I think its more along
the lines of LD_PRELOAD and dynamic loading being buggy.  (as at least 2
seperate instances of ld_preload and libdl I now see as causing
problems)

on the 2nd bug, it was an actual bug in the library, that was fixed.

the current version is 2.0-13, the version in debian is 2.0-9 (debian
release -2)

shaya


-- 
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org