From: Logan Johnson <firstname.lastname@example.org>|
Subject: libsafe added to -current
Date: Tue, 25 Apr 2000 22:23:23 -0700 (PDT)
Bell Labs libsafe Added to Slackware-current
We are pleased to announce that today version 1.3 of Bell Labs' libsafe
library was merged into the slackware-current "contrib" tree. libsafe
replaces several standard C library functions with versions that have been
hardened against buffer overflow exploits. As this type of exploit comprises
many (perhaps most) of the security vulnerabilities that are discovered these
days, and as libsafe is transparently used by most programs throughout the
system, its inclusion greatly increases system security with minimal impact on
Please see Bell's libsafe web page for more details:
The slackware-current ChangeLog also has more slackware-specific information,
as does the libsafe.txt file in the /contrib directory.
Please note that libsafe is in the /contrib directory and not merged into the
main distribution. This is due to a few problems noted in the libsafe.txt
- libc4 and libc5 compatibility is broken. libsafe replaces libc6
functions, but is preloaded for everything. Programs dynamically
linked against another libc version will see the libsafe functions,
get confused, and die. This is to be expected.
- some other programs may break; we know that 'xv', at least, does.
See the aforementioned libsafe.txt before installing the libsafe package.
-- The Slackware Linux Project