On Mon, Feb 01, 1999 at 12:05:27PM +0100, Richard Braakman wrote: > Joey Hess wrote: > > Wichert Akkerman wrote: > > > > general 28850 gettext: security problem when used in setuid > > > > programs [0] (debian-devel@lists.debian.org) > > > > > > Everyone who has a package with a setuid program or something that runs > > > as root should check if it uses gettext, and if so recompile it with > > > the latest gettext installed. Please not that this is not necessary for > > > programs that use the gettext from libc6. > > > > Could a lintian check be written to check for this, perhaps? > > Not that I can think of. How can I check if a binary is linked statically > to gettext? The binaries are stripped, so I don't have symbol information.
What about some strings output? -- ----- -- - -------- --------- ---- ------- ----- - - --- -------- Ben Collins <[EMAIL PROTECTED]> Debian GNU/Linux UnixGroup Admin - Jordan Systems Inc. [EMAIL PROTECTED] ------ -- ----- - - ------- ------- -- The Choice of the GNU Generation
