* Rafael Laboissiere <[EMAIL PROTECTED]> [2007-09-14 20:50]: > * Andrew Makhorin <[EMAIL PROTECTED]> [2007-09-14 15:04]: > > > > Even though _glp_lib_xprintf is not declared in glpk.h, it is available in > > > libglpk.so and malicious programs *_can_* be written that could exploit > > > the > > > vulnerability. > > > > I see no way how to hide such internal routines from the linker. > > I do not know either.
Actually, there is a way to circumvent the problem. It is quite ugly and I am not sure you would like to implement it. Here is it: make the functions xprintf and xprint1 both static, and move them, together with xvprintf, into a header file (.h) which will be included by all other files calling xprintf or xprint1. The only side effect is that the resulting shared library will increase in size. -- Rafael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
