On Thu February 2 2006 19:32, Herbert Poetzl wrote: > On Thu, Feb 02, 2006 at 04:33:16PM -0600, Michael S. Zick wrote: > > On Thu February 2 2006 14:09, Herbert Poetzl wrote: > > > On Thu, Feb 02, 2006 at 02:29:38PM -0500, Micah Anderson wrote: > > > > > > > > > > > > > > > really depends on the dietlibc, but I'd assume it > > > > > is _still_ broken on HPPA, nevertheless the glibc > > > > > is _not_ a good alternative, although it _might_ > > > > > work for simple things. > > > > > > > > I guess we can find out when Joel sends results of tests? > > > > > > possible, well, testme and testfs will not > > > detect the insecurities introduced by glibc > > > > > Are there any tests available to check for these glibc problems? > > I don't know of explicit tests, but it should be > possible to create some, given that somebody wants > to spend time on it ... > > > If not, perhaps a pointer or two into the mail archives on > > the subject or pointer(s) to a discussion of the problems found? > > http://list.linux-vserver.org/archive/vserver/msg09379.html > (there are others, just goolge for it) > Thanks, now I read what the concerns are. . .
That message is about the date of glibc-2.3.2 - current is 2.3.6 There has been a fair number of changes done between those versions. Some affecting getpwnam() and friends when used in staticly linked programs. I think both of the mentioned restrictions can now be enforced. Let me spend some time on checking that statement before I go too far out on a limb. Mike _______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver