|
|
|
From: Logan Johnson <logan@slackware.com>
To: slackware-security@slackware.com
Subject: libsafe added to -current
Date: Tue, 25 Apr 2000 22:23:23 -0700 (PDT) |
|
Bell Labs libsafe Added to Slackware-current
---------------------------------------------------
We are pleased to announce that today version 1.3 of Bell Labs' libsafe
library was merged into the slackware-current "contrib" tree. libsafe
replaces several standard C library functions with versions that have been
hardened against buffer overflow exploits. As this type of exploit comprises
many (perhaps most) of the security vulnerabilities that are discovered these
days, and as libsafe is transparently used by most programs throughout the
system, its inclusion greatly increases system security with minimal impact on
the user.
Please see Bell's libsafe web page for more details:
http://www.bell-labs.com/org/11356/libsafe.html
The slackware-current ChangeLog also has more slackware-specific information,
as does the libsafe.txt file in the /contrib directory.
ftp://ftp.slackware.com/slackware/slackware-current/ChangeLog.txt
ftp://ftp.slackware.com/slackware/slackware-current/contrib/libsafe.txt
Please note that libsafe is in the /contrib directory and not merged into the
main distribution. This is due to a few problems noted in the libsafe.txt
file, namely:
- libc4 and libc5 compatibility is broken. libsafe replaces libc6
functions, but is preloaded for everything. Programs dynamically
linked against another libc version will see the libsafe functions,
get confused, and die. This is to be expected.
- some other programs may break; we know that 'xv', at least, does.
See the aforementioned libsafe.txt before installing the libsafe package.
-- The Slackware Linux Project
http://www.slackware.com
|
|
|
