Mailing List Info
Slackware Logo


Security Advisories



General Info

Get Slack

Install Help






Other Sites



Mailing Lists


From: Logan Johnson <>
Subject: libsafe added to -current
Date: Tue, 25 Apr 2000 22:23:23 -0700 (PDT)
Bell Labs libsafe Added to Slackware-current

We are pleased to announce that today version 1.3 of Bell Labs' libsafe
library was merged into the slackware-current "contrib" tree.  libsafe 
replaces several standard C library functions with versions that have been 
hardened against buffer overflow exploits.  As this type of exploit comprises 
many (perhaps most) of the security vulnerabilities that are discovered these 
days, and as libsafe is transparently used by most programs throughout the 
system, its inclusion greatly increases system security with minimal impact on 
the user.

Please see Bell's libsafe web page for more details:

The slackware-current ChangeLog also has more slackware-specific information,
as does the libsafe.txt file in the /contrib directory.

Please note that libsafe is in the /contrib directory and not merged into the
main distribution.  This is due to a few problems noted in the libsafe.txt
file, namely:

    - libc4 and libc5 compatibility is broken.  libsafe replaces libc6
      functions, but is preloaded for everything.  Programs dynamically
      linked against another libc version will see the libsafe functions,
      get confused, and die.  This is to be expected.

    - some other programs may break; we know that 'xv', at least, does.

See the aforementioned libsafe.txt before installing the libsafe package.

   -- The Slackware Linux Project

Slackware™ is a trademark of Patrick Volkerding.