Date: Mon, 01 Jul 2002 21:04:50 -0600 From: Brett Glass <brett@lariat.org> To: "Jacques A. Vidrine" <nectar@FreeBSD.ORG> Cc: freebsd-security@FreeBSD.ORG Subject: Re: resolv and dynamic linking to compat libc Message-ID: <4.3.2.7.2.20020701210053.0229c970@localhost> In-Reply-To: <20020701182234.GO8128@madman.nectar.cc> References: <4.3.2.7.2.20020701120628.023147e0@localhost> <3D1AA5F2.9020305@ca.com> <3D1AA5F2.9020305@ca.com> <4.3.2.7.2.20020701120628.023147e0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
At 12:22 PM 7/1/2002, Jacques A. Vidrine wrote: >Gee, I guess we better get cracking to take offline every previous >version of libc, too --- which would mean every version of FreeBSD and >who knows what else. Alas, ethics demand that they be either taken offline or accompanied with a clear, visible, and strong warning. And if compatibility libraries are offered, then yes -- they absolutely should be patched. If you don't, you're distributing vulnerable software, which is not ethical. >How about you help out by enumerating every copy on the Internet, >along with contact information for each? As if you could take those down. But what you *CAN* do is take down vulnerable software and/or accompany by an impossible-to-miss warning. A snapshot of 4.6-STABLE should also be made and released as 4.6.1. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20020701210053.0229c970>