[354] in linux-security and linux-alert archive
syslog(2), libc-4.7.4: Versions confuse me.
daemon@ATHENA.MIT.EDU (Jakob Schiotz)
Mon Sep 11 16:00:33 1995
Date: Mon, 11 Sep 1995 10:48:47 -0500
From: Jakob Schiotz <schiotz@nils.wustl.edu>
To: linux-security@tarsier.cv.nrao.edu
Hi Security Gurus!
I am trying to defuse the syslog(2) bomb by installing libc version
4.7.4 as recently posted here, but I made the mistake of reading the
documentation... :-)
The release notes (release.libc-4.7.4) say that I need gcc 3.6.3 (Got
that one), binutils 2.5.2l.17 (got 2.5.2.6), and ld.so 1.6.7 (got
1.6.5).
So it looks like I should update binutils and ld.so. However the
release notes for binutils (release.binutils-2.5.2l.17) say that I
need libc-5.0.9 or higher, and that it's for ELF ! Also, the ld.so
that I can find is version 1.7.3 - isn't that an ELF version?
What should I do? Just install libc-4.7.4 (and pray to the Gods of
Linux)? Or install some/all of the dependencies? Or
(shudder) migrate to ELF? Or just realise that sometimes fixing a
security hole can do more damage than the hacker could possibly do :-)
I hope this is the appropriate forum for asking this, and will
appreciate any help.
Jakob,
--
Jakob Schiotz ! Fax: +1 (314) 935 6219
Department of Physics ! Phone: +1 (314) 935 4968
Washington University ! Email: schiotz@howdy.wustl.edu
St. Louis, MO 63130, USA ! WWW: http://nils.wustl.edu/schiotz.html