From owner-freebsd-security@FreeBSD.ORG Tue Feb 3 13:49:01 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BE646703 for ; Tue, 3 Feb 2015 13:49:01 +0000 (UTC) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8CE71F17 for ; Tue, 3 Feb 2015 13:49:01 +0000 (UTC) Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id A935E20C7F for ; Tue, 3 Feb 2015 08:48:53 -0500 (EST) Received: from web3 ([10.202.2.213]) by compute6.internal (MEProxy); Tue, 03 Feb 2015 08:48:53 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:x-sasl-enc:from:to :mime-version:content-transfer-encoding:content-type:in-reply-to :references:subject:date; s=smtpout; bh=taxJaX6B+1bBRQzKNWFCBWRp KYA=; b=IfvGYnt3SN/UKUSOYQNPvA0dCf/s4IOaw63WcbLebARReH8XH5zE7kft rcHZiovX7R6nTi3qh8FaFXk6p/hzI0+meCBCs8tCir+BI4Bgxj7bKLQh5IcH7qlJ H8AtRh2NxOJ96FzP9iO7fvaQ2nPwBr9sSrTxoNKTutUrNgEaoxY= Received: by web3.nyi.internal (Postfix, from userid 99) id 66C24147126; Tue, 3 Feb 2015 08:48:53 -0500 (EST) Message-Id: <1422971333.3444346.222480213.4886CF10@webmail.messagingengine.com> X-Sasl-Enc: N+OTbCOvwoNNWV2fs0P3JRRovpAbbosC1tqjvCeMsw+3 1422971333 From: Mark Felder To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailer: MessagingEngine.com Webmail Interface - ajax-b6284d51 In-Reply-To: <20150202185806.BD0AF865@hub.freebsd.org> References: <20150202150721.E8553209@hub.freebsd.org> <20150202152243.GA29176@in-addr.com> <20150202164319.GL11558@ivaldir.etoilebsd.net> <20150202185806.BD0AF865@hub.freebsd.org> Subject: Re: Enumerating glibc dependencies Date: Tue, 03 Feb 2015 07:48:53 -0600 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Feb 2015 13:49:01 -0000 On Mon, Feb 2, 2015, at 12:58, Roger Marquis wrote: > > Is FreeBSD glib always linked to libc (vs glibc)? > > Apparently it is, at least on the systems I've tested where there were no > glibc dependencies at all. Another item added to the list of BSD > (security) advantages. > Unless you're building a Frankenstein OS you should never come across a situation where a native FreeBSD binary is linked to glibc. (I'm not even sure it's possible!) Linux uses glibc for their libc reference, we use our own. If you are running native Linux binaries via the linuxulator you will certainly be using glibc for those binaries. Those programs could be vulnerable to glibc issues.