Date: Tue, 25 Apr 2000 22:23:23 -0700 (PDT) From: Logan Johnson <logan@slackware.com> To: slackware-security@slackware.com Subject: libsafe added to -current Bell Labs libsafe Added to Slackware-current --------------------------------------------------- We are pleased to announce that today version 1.3 of Bell Labs' libsafe library was merged into the slackware-current "contrib" tree. libsafe replaces several standard C library functions with versions that have been hardened against buffer overflow exploits. As this type of exploit comprises many (perhaps most) of the security vulnerabilities that are discovered these days, and as libsafe is transparently used by most programs throughout the system, its inclusion greatly increases system security with minimal impact on the user. Please see Bell's libsafe web page for more details: http://www.bell-labs.com/org/11356/libsafe.html The slackware-current ChangeLog also has more slackware-specific information, as does the libsafe.txt file in the /contrib directory. ftp://ftp.slackware.com/slackware/slackware-current/ChangeLog.txt ftp://ftp.slackware.com/slackware/slackware-current/contrib/libsafe.txt Please note that libsafe is in the /contrib directory and not merged into the main distribution. This is due to a few problems noted in the libsafe.txt file, namely: - libc4 and libc5 compatibility is broken. libsafe replaces libc6 functions, but is preloaded for everything. Programs dynamically linked against another libc version will see the libsafe functions, get confused, and die. This is to be expected. - some other programs may break; we know that 'xv', at least, does. See the aforementioned libsafe.txt before installing the libsafe package. -- The Slackware Linux Project http://www.slackware.com