Bug 19283 - compat-egcs-5.2 cannot co-exist with compat-egcs-6.2
compat-egcs-5.2 cannot co-exist with compat-egcs-6.2
Status: CLOSED DEFERRED
Product: Red Hat Linux
Classification: Retired
Component: compat-egcs (Show other bugs)
7.0
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Jakub Jelinek
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-10-17 16:13 EDT by Ronald Cole
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-10-17 18:26:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ronald Cole 2000-10-17 16:13:15 EDT
I'm using Informix IDS 7.30UC7 and 4GL.  The 4GL packages require
compat-{binutils,egcs,glibc,libs}-5.2.  I had to get these packages from my
RedHat 6.2 disk but rpm seems to want to nuke compat-*-6.2 in order to load
them.  To me, it looks like the two compat package contents won't actually
step on each other, it's just that they are unfortunately named (so that
there can only be ONE compat series installed at a time).

Or is there a work around?
Comment 1 Ronald Cole 2000-10-17 18:25:57 EDT
Just to clarify: compat-egcs-6.2 is *not* an update to compat-egcs-5.2.  They
are
separate and distinct compatibility packages: thus "rpm -i" and "rpm -U" do the
"wrong thing".
The packages should properly be called compat-egcs52 and compat-egcs62 so that
they
can co-exist and rpm will do the "right thing" with them and their ilk.

Also, it would be wise to apply the recent security fixes to compat-glibc-5.2.
Comment 2 Jakub Jelinek 2000-10-20 08:42:44 EDT
You can rpm2cpio compat-*-5.2 | cpio -id into the system. We'll consider
putting the version into the compat names for future distributions.
As for security fixes to compat-glibc-5.2, all of the security issues were
related to setuid/setgid programs. But running dynamicaly linked
setuid/setgid program using /usr/*-glibc20-linux/lib/ld-linux.so.2
does not honour those setuid/setgid bits (because you get rights of ld-linux.so.2,
not the actual program you're running) and thus in order to exploit the bug
you'd either have to explicitely put the /usr/*-glibc20-linux/lib/ld-linux.so.2
interpreter into the binary (but why would anyone do that) or link
statically (again, I see no reason compiling setuid/setgid statically linked
programs against compatibility libraries).
Comment 3 Ronald Cole 2000-10-20 15:29:59 EDT
I was referring to the glibc locale and internationalization security checks
errata.  In the words of the errata, "It is highly probable that some of these
bugs can be used for local root exploits."

If you do change your mind and issue an errata for the compat-*-5.2 packages
(hopefully changing the names to compat-*52), then please consider adding the
fix for bug #19289.
Comment 4 Jakub Jelinek 2000-10-20 15:34:31 EDT
All the bugs fixed by that security errata were only relevant to
setuid/setgid programs, see above why I don't think this matters in
the compat library.

Note You need to log in before you can comment on or make changes to this bug.