log☇︎
400 entries in 0.606s
asciilifeform: but of actual dross. e.g. most of what glibc gloms on to every executable, never executes, these are bits you can flip with impunity
asciilifeform: ye olde 'These old versions of toolchain packages (binutils, gcc, glibc) are no longer officially supported and are not suitable for general use. Using these packages can result in build failures (and possible breakage) for many packages, and may leave your system vulnerable to known security exploits' nonsense.
spyked: anyway, I suspect all systems relying on shared libraries are stuck using the system-provided ld, regardless of the gcc version. if anything, because of the insane gcc defaults (glibc, dynamic symbols etc.) on newer distro versions.
mircea_popescu: dudes take glibc and fucking shove it.
asciilifeform: ( picture the elephantine drepper glibc in every bin )
a111: Logged on 2016-02-16 15:59 asciilifeform: 'The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.'
spyked: http://btcbase.org/log/2017-11-20#1741206 <-- at some point, glib folks will decide that gcc < 5 isn't "modern enough" to build glibc, so they'll break compatibility. will, in the (now) tradition of introducing arbitrary changes. ☝︎
asciilifeform: the buildroot (aka 'rotor') thing is a dour wartime expedient, in case anyone forgot -- if we had a musltronic linux, or a bsd (i.e. non-glibc os) it would be unnecessary
asciilifeform attempts a build of traditional stator trb inside netbsd ( as rotor is unnecessary there, there is no drepper glibc )
asciilifeform: ( you can't dns from a statically linked glibc. but this does not bother me )
a111: 287 results for "glibc", http://btcbase.org/log-search?q=glibc
asciilifeform: !#s glibc
asciilifeform: or that glibc imports drepper's 0days for you
trinque: I dug a glibc trench for now while I fiddle with musl+X
asciilifeform: glibc is also not supported for trb.
lobbes: Perhaps musl is better option? Fwiw, I posted over on gentoo forumz with my specifics, but am not versed enough to know if the suggestions they gave (e.g. using glibc) will fuck me over building trb or not: https://forums.gentoo.org/viewtopic-t-1062324.html?sid=c3ea68da31445ec3e870e5344a443dd3
lobbes: So, I'm midway through my first gentoo adventure. Currently on the compile kernel step (genkernel), but running into funkiness with uClibc errors. My question is: if I abandon uClibc for, say, glibc, will I have issues building trb? (I remember reading in logz that trb doesn't use glibc)
Framedragger: asciilifeform: ah, only glibc etc if "recvfrom" in keywords, you're right. but if only "recv" (https://codesearch.debian.net/search?q=recv+.*+MSG_PEEK&page=1), then lots of results
asciilifeform: Framedragger: it seems to find strictly 1) glibc 2) quake (?!)
asciilifeform: a la glibc.
asciilifeform: lulcoinz: it's the bitcoin you used in 2011. ~21,000 lines, and shrinking. ( and no 'headers-first' pseudo-verification idiocy, no leveldb, no p2sh, no githubism, no dns, no glibc, various other 'noes'. large collection of exquisite noes.)
mircea_popescu: because "/lib/tls/i686/cmov/libc.so.6: version `GLIBC_2.15' not found"
asciilifeform: mircea_popescu: just when you thought this can't get any lulzier: '...resource exhaustion issues which can be triggered only with crafted patterns (either during compilation or execution) are not treated as security bugs.' ( https://sourceware.org/glibc/wiki/Security%20Exceptions )
phf: who knows with threads, i wouldn't be surprised if sbcl touches them in very inappropriate, glibc specific ways
asciilifeform: (iirc all versions of emacs from past decade or so have some kind of perverse hardcoded reliance on glibc in particular)
mircea_popescu: glibc is already frozen pre 5
asciilifeform: trinque: recall, the drepperites are getting ready to break glibc so that no moar clasical emacs.
a111: Logged on 2016-12-29 03:06 asciilifeform: socket.c:(.text.__gnat_gethostbyaddr+0x1a): warning: Using 'gethostbyaddr_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
asciilifeform: mircea_popescu: it's the crapola from ye olde glibc
mircea_popescu: "Using 'getservbyport_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking" << what THE FUCK does this even mean.
asciilifeform: ^ for the record. glibc retardation -- spreads.
asciilifeform: socket.c:(.text.__gnat_getservbyport+0xc): warning: Using 'getservbyport_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
asciilifeform: socket.c:(.text.__gnat_getservbyname+0xc): warning: Using 'getservbyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
asciilifeform: socket.c:(.text.__gnat_gethostbyname+0xf): warning: Using 'gethostbyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
asciilifeform: socket.c:(.text.__gnat_gethostbyaddr+0x1a): warning: Using 'gethostbyaddr_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking ☟︎
trinque: asciilifeform: yeah, when I run my gentoo recipe, it's usually musl unless I actually need the glibc turd for something
asciilifeform: buildroot, at least as seen in 'rotor', is not necessary on bsd!! there is no glibc there !! afaik static linking works normally on known bsd
asciilifeform: trinque: there is 'nexus of hierarchy' where we, e.g., study writings of mircea_popescu because they make sense and worth respect. and there is the other kind of hierarchy, where prb makes dns query using usg.glibc and internic root server is hardbaked into the code.
asciilifeform: (i.e. a box where gcc was built on glibc)
asciilifeform: (builds with musl, instead of glibc)
asciilifeform: quite like, e.g., glibc's dyn load
asciilifeform: trinque: consider a scenario where i review, e.g., glibc
assbot: Logged on 20-03-2016 06:27:49; phf: i've managed a reiserfs/lilo combo, though genkernel claims that it doesn't work with reiserfs. uclibc vanilla failed on chroot step, ifconfig and all the other networking bits refused to work. perhaps i needed to grab a uclibc iso? in any case i proceeded witha glibc install for now
phf: i've managed a reiserfs/lilo combo, though genkernel claims that it doesn't work with reiserfs. uclibc vanilla failed on chroot step, ifconfig and all the other networking bits refused to work. perhaps i needed to grab a uclibc iso? in any case i proceeded witha glibc install for now ☟︎
asciilifeform: it is a poetteringization of the ordinary glibc execution process
asciilifeform: # /etc/localtime is a symlink with glibc > 2.15-41
asciilifeform: 'Stallman recently tried what I would call a hostile takeover of the glibc development. He tried to conspire behind my back and persuade the other main developers to take control so that in the end he is in control and can dictate whatever pleases him. This attempt failed ... '
mircea_popescu: baked in everywhere, to the level of fucking glibc (what fucking business does glibc have with offering a spurious aliasing service for ips AT ALL ?! that shit belongs three levels below glibc!)
assbot: Carlos O'Donell - [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflo ... ( http://bit.ly/1LrHMwR )
mircea_popescu: https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html << anyone fuckin looked at o'donell's glibc patch ?
asciilifeform: Jacmet: the background: i originally picked up buildroot to do an arm system build for an obscure box. and then discovered that it is also the only practical means of compiling with musl instead of glibc, for any system
jurov: mod6 well, on another box i updates glibc to same version and perl works fine
jurov: asciilifeform: how do i list patches that went into glibc-2.22-r2 ?
jurov: i updated glibc with the patch
jurov: yes it's likel, i updated glibc, then i said to myself might as well update whole system
pete_dushenski: http://log.bitcoin-assets.com/?date=17-02-2016#1408731 << your glibc/musl efforts weren't useless !!!!11 ☝︎
asciilifeform: the glibc one or otherwise
assbot: GLibc remote exploit affects all Bitcoin clients - except for one. : netsec ... ( http://bit.ly/1LrIj1X )
BingoBoingo: alf submission update: "reject: low quality" https://www.reddit.com/r/netsec/comments/4635y5/glibc_remote_exploit_affects_all_bitcoin_clients/
assbot: ScatoshiNukamoto comments on Most Bitcoin Clients Affected By GLIBC DNS Vulnerability ... ( http://bit.ly/1PDB8Yp )
asciilifeform: https://www.reddit.com/r/Bitcoin/comments/46354z/most_bitcoin_clients_affected_by_glibc_dns/d02dax4 << lulzy
assbot: nullc comments on Most Bitcoin Clients Affected By GLIBC DNS Vulnerability ... ( http://bit.ly/1Qjto19 )
davout: "we can't remove this thing from our code because it breaks some unnecessary feature, also random reasons maybe" <-> https://www.reddit.com/r/Bitcoin/comments/46354z/most_bitcoin_clients_affected_by_glibc_dns/d027oy0
davout: anyway, the glibc dns drama seems to be yielding large amounts of lulz and butthurt
assbot: Red Hat, Google Disclose Severe Glibc DNS Vulnerability; Patched But Widespread - Slashdot ... ( http://bit.ly/1RK77Zr )
BingoBoingo: http://linux.slashdot.org/story/16/02/16/1724222/red-hat-google-disclose-severe-glibc-dns-vulnerability-patched-but-widespread
assbot: Nearly All Bitcoin Nodes Affected By Glibc DNS Vulnerability : Buttcoin ... ( http://bit.ly/1RK5ScJ )
BingoBoingo: Ah most of the discussion so far is where it is expected https://www.reddit.com/r/Buttcoin/comments/463a0r/nearly_all_bitcoin_nodes_affected_by_glibc_dns/
assbot: Most Bitcoin Clients Affected By GLIBC DNS Vulnerability (Includes Core, Classic, and XT) : btc ... ( http://bit.ly/20BFC4I )
asciilifeform: why should the folks who ran glibc still have coin?
assbot: Most Bitcoin Clients Affected By GLIBC DNS Vulnerability (Includes Core, Classic, and XT) : btc ... ( http://bit.ly/20BF6DR )
assbot: GLibc remote exploit affects all Bitcoin clients - except for one. : netsec ... ( http://bit.ly/1LrIj1X )
asciilifeform: https://www.reddit.com/r/netsec/comments/4635y5/glibc_remote_exploit_affects_all_bitcoin_clients/
assbot: GLibc remote exploit affects all Bitcoin clients except for one | Hacker News ... ( http://bit.ly/1LrI6f1 )
assbot: Carlos O'Donell - [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflo ... ( http://bit.ly/1LrHMwR )
asciilifeform: BingoBoingo: i would add in your article that the flagship trb boxes are running sans-glibc.
BingoBoingo: But could be built against glibc so I think my wording is correct.
BingoBoingo: <asciilifeform> ~we nuked glibc entirely~ << Nuked the NEED for glibc
deedbot-: [Qntra] Google Unveils Glibc DNS Client Vulnerability Many Bitcoin Implementations Affected - http://qntra.net/2016/02/google-unveils-glibc-dns-client-vulnerability-many-bitcoin-implementations-affected/
asciilifeform: ~we nuked glibc entirely~
assbot: Google Unveils Glibc DNS Client Vulnerability Many Bitcoin Implementations Affected | Qntra ... ( http://bit.ly/1LrHczf )
BingoBoingo: http://qntra.net/2016/02/google-unveils-glibc-dns-client-vulnerability-many-bitcoin-implementations-affected/
asciilifeform: mircea_popescu: also recall, i excised not only dns but glibc
punkman: " The code that causes the vulnerability was introduced in May 2008 as part of glibc 2.9."
asciilifeform: ... and the rest of the glibc team '
asciilifeform: 'The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.' ☟︎
assbot: Google Online Security Blog: CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow ... ( http://bit.ly/1LrFhL1 )
punkman: https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
assbot: Removing support for Emacs unexec from Glibc [LWN.net] ... ( http://bit.ly/1QO2Zr2 )
asciilifeform: pete_dushenski: also recall the glibc agonies
guruvan: that's on today's agenda is to see why my glibc fails out of the latest portage :P
BingoBoingo: And Glibc DNS functions force dynamic linking which is why excised from trb
asciilifeform: esp. now that it ACTUALLY WORKS because no more idiot glibc crud
asciilifeform: this is necessary when running a musl executable on a heathen (glibc) linux
assbot: Logged on 21-12-2015 21:09:59; pete_dushenski: e. also, that glibc is advertised as an 'essential' component of unix osen, but that it's very much something of a flying spaghetti monster
assbot: Logged on 21-12-2015 21:09:58; pete_dushenski: and after actually reading up a bit on glibc instead of telling myself "oh that's nice, alf's done another miraculous thing, which'd be the third this week, each of which is so miraculous that idkwtf it is, if it even applies to anything in my universe", i found that one of the glibc maintainers is florian weimar of http://qntra.net/2015/09/many-network-appliances-leak-master-tls-private-keys-through
asciilifeform: (the de-glibc-ation)
assbot: Logged on 21-12-2015 21:09:58; pete_dushenski: and after actually reading up a bit on glibc instead of telling myself "oh that's nice, alf's done another miraculous thing, which'd be the third this week, each of which is so miraculous that idkwtf it is, if it even applies to anything in my universe", i found that one of the glibc maintainers is florian weimar of http://qntra.net/2015/09/many-network-appliances-leak-master-tls-private-keys-through
pete_dushenski: e. also, that glibc is advertised as an 'essential' component of unix osen, but that it's very much something of a flying spaghetti monster ☟︎
pete_dushenski: and after actually reading up a bit on glibc instead of telling myself "oh that's nice, alf's done another miraculous thing, which'd be the third this week, each of which is so miraculous that idkwtf it is, if it even applies to anything in my universe", i found that one of the glibc maintainers is florian weimar of http://qntra.net/2015/09/many-network-appliances-leak-master-tls-private-keys-through-forward-secrecy/ ☟︎☟︎