On Mon 31 Aug 2015 13:49, l...@gnu.org (Ludovic Courtès) writes: > Andy Wingo <wi...@igalia.com> skribis: > >> On Sun 30 Aug 2015 21:46, l...@gnu.org (Ludovic Courtès) writes: >> >>> The binary format for locales is dependent on the libc version. Over >>> the last few releases, it turned out to be compatible, but that of 2.22 >>> differs from that of 2.21 (a new element was added to locale categories, >>> according to ChangeLog.) >> >> Does this amount to a binary-incompatible change to libc? I guess not >> if you make sure that if you had a statically linked binary, that you >> set LOCPATH appropriately.... >> >> What if we built bootstrap binaries to statically link their LOCPATH ? >> Is that even possible? > > I don’t think locale data can be embedded in binaries. Also, it’s a > good strategy to avoid rebuilding the bootstrap binaries as much as > possible, as it intuitively suggests that a Thompson attack is unlikely.
Sorry, I meant to say: why not prevent LOCPATH from being overridden on bootstrap binaries? Right now they are effectively dynamically linked to their locale data. A nice fix would be to statically link them to their locale data. A