[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: List of bugs that *must* be fixed before releasing Slink



On Mon, Feb 01, 1999 at 12:05:27PM +0100, Richard Braakman wrote:
> Joey Hess wrote:
> > Wichert Akkerman wrote:
> > > > general           28850  gettext: security problem when used in setuid programs [0]  (debian-devel@lists.debian.org)
> > >
> > > Everyone who has a package with a setuid program or something that runs
> > > as root should check if it uses gettext, and if so recompile it with
> > > the latest gettext installed. Please not that this is not necessary for
> > > programs that use the gettext from libc6.
> >
> > Could a lintian check be written to check for this, perhaps?
>
> Not that I can think of.  How can I check if a binary is linked statically
> to gettext?  The binaries are stripped, so I don't have symbol information.

What about some strings output?

--
-----    -- - -------- --------- ----  -------  -----  - - ---   --------
Ben Collins <b.m.collins@larc.nasa.gov>                  Debian GNU/Linux
UnixGroup Admin - Jordan Systems Inc.                 bcollins@debian.org
------ -- ----- - - -------   ------- -- The Choice of the GNU Generation


--  
To UNSUBSCRIBE, email to debian-testing-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


Reply to: