bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#27429: Stack clash (CVE-2017-1000366 etc)

From: Mark H Weaver
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Fri, 23 Jun 2017 16:03:24 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) 
Leo Famulari <address@hidden> writes:

> On Fri, Jun 23, 2017 at 02:36:41PM -0400, Mark H Weaver wrote:
>> Most packages are linked with 'glibc-final' in (gnu packages
>> commencement), and we should expect them to now be linked with *its*
>> replacement.  Try this to find the expected glibc-final replacement:
>> 
>>   ./pre-inst-env guix build -e '((@@ (guix packages) package-replacement) 
>> (@@ (gnu packages commencement) glibc-final))'
>
> Thank you for the clarification. Indeed, with Efraim's latest patch,
> packages seem to be referring to the replacement for glibc-final.

That's good news!

> So, do we think this patch is ready to apply? AFAIK, nobody has yet
> tried upgrading a GuixSD system with this patch. I won't have access to
> my bare-metal GuixSD system for the next few days.

I think someone should try reconfiguring their GuixSD system and booting
into it before we apply it to master.  I might be able to do it tonight,
or else I can do it tomorrow.

       Mark
reply via email to
[Prev in Thread] Current Thread [Next in Thread]