From owner-freebsd-ports Tue Mar 12 0:30: 2 2002 Delivered-To: freebsd-ports@freebsd.org Received: from energyhq.homeip.net (213-97-200-73.uc.nombres.ttd.es [213.97.200.73]) by hub.freebsd.org (Postfix) with ESMTP id 08A2B37B41A for ; Tue, 12 Mar 2002 00:29:53 -0800 (PST) Received: by energyhq.homeip.net (Postfix, from userid 1001) id C1F043FC5A; Tue, 12 Mar 2002 09:29:52 +0100 (CET) Date: Tue, 12 Mar 2002 09:29:52 +0100 From: Miguel Mendez To: Alan Eldridge Cc: FreeBSD Ports List Subject: Re: Only linux-emulation-based ports are affected by zlib advisory. Message-ID: <20020312092952.A13616@energyhq.homeip.net> Mail-Followup-To: Alan Eldridge , FreeBSD Ports List References: <20020312002905.GB862@wwweasel.geeksrus.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="xHFwDpU9dbj6ez1V" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020312002905.GB862@wwweasel.geeksrus.net>; from alane@geeksrus.net on Mon, Mar 11, 2002 at 07:29:05PM -0500 Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --xHFwDpU9dbj6ez1V Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 11, 2002 at 07:29:05PM -0500, Alan Eldridge wrote: > I just got a clarification on the stable list I'll pass along: >=20 > Paraphrasing: >=20 > Only those ports which run under linux-emulation are possibly vulnerable. > Native ports are *not* vulnerable due to a difference in the way our mall= oc(3) > is implemented. In fact not even those. Stallman/libc reads an env var that determines it's behaviour. Per man page: Recent versions of Linux libc (later than 5.4.23) and GNU libc (2.x) include a malloc implementation which is tun=ADable via environment variables. When MALLOC_CHECK_ is set, a special (less efficient) implementation is used which is designed to be tolerant against simple errors, such as double calls of free() with the same argument, or overruns of a single byte (off-by-one bugs). Not all such errors can be proteced against, however, and memory leaks can result. If MALLOC_CHECK_ is set to 0, any detected heap corruption is silently ignored; if set to 1, a diag=ADnostic is printed on stderr; if set to 2, abort() is called immediately. This can be useful because otherwise a crash may happen much later, and the true cause for the problem is then very hard to track down.=20 =20 Cheers, --=20 Miguel Mendez - flynn@energyhq.homeip.net GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt EnergyHQ :: http://www.energyhq.tk FreeBSD - The power to serve! --xHFwDpU9dbj6ez1V Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8jbx/nLctrNyFFPERApJYAJ49zDwt6eX+Ny6Bk2TEcTZ7cdiu8gCgmm5b I+yRNRYPMwKlmX9WdoJe5GQ= =KVXV -----END PGP SIGNATURE----- --xHFwDpU9dbj6ez1V-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message