On Fri, Aug 24, 2007 at 12:23:39PM +0100, David Given wrote:
> (Incidentally, the more I look at fakechroot the more I'm coming to believe
> that it's no use for anything whatsoever. The security aspects of it are...
> erm... nil; it's trivial for the client app to break out of its jail. Is this
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Lucas Nussbaum wrote:
[...]
> Then what about using ptrace and overriding syscalls in the way
> usermodelinux used to do it?
Yes, indeed; that is currently looking like the best approach. Not only does
it provide the low-level interface that upstream
On Thursday 23 August 2007 17:26, David Given wrote:
> Don Armstrong wrote:
> [...]
>
> > The people who have responded to you so far strongly suspect that it's
> > not worth the effort, but without knowing why the glibc we already
> > distribute can't be used, it's hard for us to give you a defini
On 24/08/07 at 01:26 +0100, David Given wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Don Armstrong wrote:
> [...]
> > The people who have responded to you so far strongly suspect that it's
> > not worth the effort, but without knowing why the glibc we already
> > distribute can't b
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Don Armstrong wrote:
[...]
> The people who have responded to you so far strongly suspect that it's
> not worth the effort, but without knowing why the glibc we already
> distribute can't be used, it's hard for us to give you a definitive
> answer.
*n
On Fri, 24 Aug 2007, David Given wrote:
> Currently I am merely trying to figure out whether upstream's idea
> of using a customised glibc is possible on Debian
It's always possible to do so. However, actually doing so requires
that you convince the security team, the maintainer(s), and the
releas
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Neil Williams wrote:
[...]
> Do the work and come back to the list with
> a detailed reasoning for what is a MAJOR packaging decision. This isn't
> "yet another customised version of a package" it is a COPY of GLIBC!
Don't shout at me, please.
Yes, I
On Thu, 23 Aug 2007 22:26:35 +0100
David Given <[EMAIL PROTECTED]> wrote:
> > Please can you give the details of why this is necessary?
>
> It's an LD_PRELOAD hack. When glibc calls itself --- for example when fopen()
> calls open() --- it does so using a hidden private interface, which means the
8 matches
Mail list logo
