>> _glp_lib_xprintf is *not* api routine and formally being not declared >> in glpk.h it is not available to the user.
> Unfortunately, this is not the case. The following works here with GLPK > 4.21: > $ cat test.c > main () { _glp_lib_xprintf ("Ouch!\n"); } > $ gcc test.c -o test -lglpk > $ ./test > Ouch! > Even though _glp_lib_xprintf is not declared in glpk.h, it is available in > libglpk.so and malicious programs *_can_* be written that could exploit the > vulnerability. I see no way how to hide such internal routines from the linker. I just follow some recommendations given in the GNU Coding Standards http://www.gnu.org/prep/standards/standards.html (Section 4.3 Library Behavior): External symbols that are not documented entry points for the user should have names beginning with _. The _ should be followed by the chosen name prefix for the library, to prevent collisions with other libraries. These can go in the same files with user entry points if you like. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]