Re: resolv and dynamic linking to compat libc
From: Brett Glass (brett@lariat.org)
Date: 07/02/02
- Next message: Brett Glass: "Re: security risk: ktrace(2) in FreeBSD prior to -current."
- Previous message: Ramsey G. Brenner: "Re: Making a firewall more closed"
- In reply to: Jacques A. Vidrine: "Re: resolv and dynamic linking to compat libc"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 01 Jul 2002 21:04:50 -0600 To: "Jacques A. Vidrine" <nectar@FreeBSD.ORG> From: Brett Glass <brett@lariat.org>
At 12:22 PM 7/1/2002, Jacques A. Vidrine wrote:
>Gee, I guess we better get cracking to take offline every previous
>version of libc, too --- which would mean every version of FreeBSD and
>who knows what else.
Alas, ethics demand that they be either taken offline or accompanied
with a clear, visible, and strong warning.
And if compatibility libraries are offered, then yes -- they
absolutely should be patched.
If you don't, you're distributing vulnerable software, which is
not ethical.
>How about you help out by enumerating every copy on the Internet,
>along with contact information for each?
As if you could take those down. But what you *CAN* do is take
down vulnerable software and/or accompany by an impossible-to-miss
warning.
A snapshot of 4.6-STABLE should also be made and released as 4.6.1.
--Brett
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Brett Glass: "Re: security risk: ktrace(2) in FreeBSD prior to -current."
- Previous message: Ramsey G. Brenner: "Re: Making a firewall more closed"
- In reply to: Jacques A. Vidrine: "Re: resolv and dynamic linking to compat libc"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
