Patch'es that will (hopefully) be mentioned in 2.4.4..
r.floers at web.de
Wed Dec 20 13:04:46 PST 2000
> I was talking to Gerard this morning about adding the recent security
> patch'es (ala ed and glibc) to LFS...at least in the fashion of at least
> mentioning it to the user that it is a good idea
> Ed - http://www.debian.org/security/2000/20001129
> Glibc - http://www.debian.org/security/2000/20000902
> After looking at Debian's Security repository it started to make me
> wonder at such packages like modutils and make that were listed...
> Not just that, but most of the patch'es provided by Distro's are
> specific to it, adding all there "extra" features, there doesn't seem to
> be a simple patch from the pristine sources for ed, glibc, etc... makes me
> wonder the point of general linux security ;)
> *mumbles away and wonders if anyone knows what he is asking*
> Jesse Tie Ten Quee - highos at highos dot com
i've found one patch for glibc-2.1.3.
it's just 27 lines.. and don't know if this is what we are looking for.
would you have a look at it?
-------------- next part --------------
@@ -1,5 +1,5 @@
-/*Environment handling for dynamic loader.
- Copyright (C) 1995, 1996, 1997, 1998 Free Software Foundation, Inc.
+/* Environment handling for dynamic loader.
+ Copyright (C) 1995, 1996, 1997, 1998, 2000 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -55,7 +55,8 @@
const size_t len = strlen (name);
- for (ep = _environ; *ep != NULL; ++ep)
+ ep = _environ;
+ while (*ep != NULL)
if (!strncmp (*ep, name, len) && (*ep)[len] == '=')
/* Found it. Remove this pointer by moving later ones back. */
@@ -66,4 +67,6 @@
/* Continue the loop in case NAME appears again. */
More information about the lfs-security