On Wed, 2004-01-21 at 07:00, Warren Togami wrote: > Proposal: Optional libsafe add-on? > > I personally have been using libsafe on all of my RH7.x, RH8 and RH9 > servers with apparently no ill effects in these past years [1]. libsafe > intercepts many of the potentially dangerous glibc calls like string > operations, and replaces it with functionally equivalent functions. If > it detects an overflow or format string exception, the process group is > sent SIGKILL and a /var/log/secure entry is generated. The following > list of functions is from the libsafe manpage. Modifying the world as an 'option' for legacy updates seems like a bad idea, a confusing idea for users, and generally a waste of time. If I've got older machines I want them to be left alone and just have security patches applied. I don't want to be putting brand new things on there. -sv
