That's not the main part of the article, just a footnote, for anyone wondering.
The flaw resides in the glibc’s syslog function, an attacker can exploit the flaw to gain root access through a privilege escalation.
The vulnerability was introduced in glibc 2.37 in August 2022.
So, it must be with the BSDs too?
Iirc bad does not use glibc, but I'm not very involved with BSD.
It wouldn't make sense. Glibc is LGPL licensed, not really compatible with the BSD license...
BSDs use libc
Wait, why has a compiler system log functionlity?
glibc is a library, gcc is the compiler.
You are probably confusing the glibc with gcc and g++. Glibc is an implementation of the C standard library, made by GNU (thats where the g in the name comes from).
If you were to look into it, it uses the syscalls to tell the underlying computer system what to do when you call functions, such as printf.
That's not the main part of the article, just a footnote, for anyone wondering.
So, it must be with the BSDs too?
Iirc bad does not use glibc, but I'm not very involved with BSD.
It wouldn't make sense. Glibc is LGPL licensed, not really compatible with the BSD license...
BSDs use libc
Wait, why has a compiler system log functionlity?
glibc is a library, gcc is the compiler.
You are probably confusing the glibc with gcc and g++. Glibc is an implementation of the C standard library, made by GNU (thats where the g in the name comes from).
If you were to look into it, it uses the syscalls to tell the underlying computer system what to do when you call functions, such as
printf
.If you want to read more, see here