On Thu February 2 2006 19:32, Herbert Poetzl wrote:
> On Thu, Feb 02, 2006 at 04:33:16PM -0600, Michael S. Zick wrote:
> > On Thu February 2 2006 14:09, Herbert Poetzl wrote:
> > > On Thu, Feb 02, 2006 at 02:29:38PM -0500, Micah Anderson wrote:
> > > > >
> > > > >
> > > > > really depends on the dietlibc, but I'd assume it
> > > > > is _still_ broken on HPPA, nevertheless the glibc
> > > > > is _not_ a good alternative, although it _might_
> > > > > work for simple things.
> > > >
> > > > I guess we can find out when Joel sends results of tests?
> > >
> > > possible, well, testme and testfs will not
> > > detect the insecurities introduced by glibc
> > >
> > Are there any tests available to check for these glibc problems?
>
> I don't know of explicit tests, but it should be
> possible to create some, given that somebody wants
> to spend time on it ...
>
> > If not, perhaps a pointer or two into the mail archives on
> > the subject or pointer(s) to a discussion of the problems found?
>
> http://list.linux-vserver.org/archive/vserver/msg09379.html
> (there are others, just goolge for it)
>
Thanks, now I read what the concerns are. . .
That message is about the date of glibc-2.3.2 - current is 2.3.6
There has been a fair number of changes done between those versions.
Some affecting getpwnam() and friends when used in staticly linked
programs.
I think both of the mentioned restrictions can now be enforced.
Let me spend some time on checking that statement before I go too
far out on a limb.
Mike
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Fri Feb 3 02:09:09 2006