Re: Glibc sources?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 03/02/2015 10:38 AM, ANDY KENNEDY wrote:
>>> I'm tasked with reconstructing the CentOS version of the GlibC library for testing with
>>> gethostbyname().  My mission is to show that we are not affected by the latest exploit for
>>> the product we are shipping targeted for RHEL and CentOS.  To do so, I want to equip
>>> gethostbyname() with additional code.
>>
>> Do you plan on shipping this updated glibc as part of the product, or is
>> this simply for testing? If you plan to distribute/ship an updated
>> glibc, that's probably going to raise a few eyebrows and anger a few
>> sysadmins.
> 
> No release.  Only testing.
> 

Also, please be advised that rebuilding a package and then trying to
compare it to something else built earlier is likely not going to work
unless you can duplicate the exact set of packages that are installed in
the build root at the time of the build.  Even then, with documentation
generation, you STILL might not get an exact, bit for bit, match when
building later.

It is almost impossible to duplicate a closed and staged build system
for a give date unless you are trying very hard to do so.

>>
>>> My objective is to rebuild from source the EXACT version of GlibC for CentOS 6.6.
>>> Afterwards, I will make my changes in the code, rebuild and complete my testing.
>>>

^^ That would likely be impossible to accomplish. See my comments above.

<snip>

Thanks,
Johnny Hughes

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux