On Wed, 2004-01-21 at 07:00, Warren Togami wrote:
Proposal: Optional libsafe add-on?
I personally have been using libsafe on all of my RH7.x, RH8 and RH9 servers with apparently no ill effects in these past years [1]. libsafe intercepts many of the potentially dangerous glibc calls like string operations, and replaces it with functionally equivalent functions. If it detects an overflow or format string exception, the process group is sent SIGKILL and a /var/log/secure entry is generated. The following list of functions is from the libsafe manpage.
Modifying the world as an 'option' for legacy updates seems like a bad idea, a confusing idea for users, and generally a waste of time. If I've got older machines I want them to be left alone and just have security patches applied. I don't want to be putting brand new things on there.
-sv
This is why I suggested putting it on the webpage with lots of documentation and manual installation only. The documentation would to people NOT to use it unless they really know what they are doing and willing to monitor their server for a while.
Warren
