Menu
▾
▴
Re: [tbox-l] CVE-2015-7547 (glibc) impact to Linux Toolkit for AIX?
|
From: Garbos E. <eg...@pc...> - 2016-02-29 18:00:10
|
Alan, thanks for the thoughts. To clarify, IBM has asserted that glibc is not installed with AIX. I haven't loaded it independently, either. I'm not asking about code compiled on my systems that leverage glibc, I'm pretty confident there isn't any. However, I'm unsure what the provenance of the "Linux Toolkit for AIX" components is. As I understand it these are essentially ports of things from the Linux/opensource community compiled for AIX, but as such I don't know under what conditions they were built. Could they have been built leveraging bits of glibc that were statically linked into the resulting binaries so that glibc itself doesn't need to be present on my systems? That seems plausible to me. If that is the case, then this vulnerability may be a concern. If not, and as you say the expectation is that glibc be present if the components need it, then I should be fine because I do not have glibc installed. Side note: The whole Support situation here is really too bad, because the few Toolkit components I do care about here are really critical components used, I believe, by a majority of AIX SysAdmins... IBM really ought to pony up and provide better support for these. I'm thinking of the example of CIFS_FS... this is (more or less) an IBM developed and supported knock off of Samba. It works well, and I can get support for this as part of the base OS... or likewise, IHS is just Apache bundled with IBM extensions, but again they provide support for this... why can't the same be done for utilities like SUDO and OpenSSH? Anyway, that's not a problem for us to solve here, I'm just venting. Thanks, Eric R. Garbos Senior UNIX Systems Administrator eg...@pc... www.pcconnection.com |