[LWN Logo]

Date: Tue, 25 Apr 2000 22:23:23 -0700 (PDT)
From: Logan Johnson <logan@slackware.com>
To: slackware-security@slackware.com
Subject: libsafe added to -current


Bell Labs libsafe Added to Slackware-current
---------------------------------------------------

We are pleased to announce that today version 1.3 of Bell Labs' libsafe
library was merged into the slackware-current "contrib" tree.  libsafe 
replaces several standard C library functions with versions that have been 
hardened against buffer overflow exploits.  As this type of exploit comprises 
many (perhaps most) of the security vulnerabilities that are discovered these 
days, and as libsafe is transparently used by most programs throughout the 
system, its inclusion greatly increases system security with minimal impact on 
the user.

Please see Bell's libsafe web page for more details:

    http://www.bell-labs.com/org/11356/libsafe.html

The slackware-current ChangeLog also has more slackware-specific information,
as does the libsafe.txt file in the /contrib directory.

    ftp://ftp.slackware.com/slackware/slackware-current/ChangeLog.txt
    ftp://ftp.slackware.com/slackware/slackware-current/contrib/libsafe.txt

Please note that libsafe is in the /contrib directory and not merged into the
main distribution.  This is due to a few problems noted in the libsafe.txt
file, namely:

    - libc4 and libc5 compatibility is broken.  libsafe replaces libc6
      functions, but is preloaded for everything.  Programs dynamically
      linked against another libc version will see the libsafe functions,
      get confused, and die.  This is to be expected.

    - some other programs may break; we know that 'xv', at least, does.

See the aforementioned libsafe.txt before installing the libsafe package.


   -- The Slackware Linux Project
      http://www.slackware.com