😱

  • jeremyparker@programming.dev
    link
    fedilink
    arrow-up
    9
    ·
    edit-2
    11 months ago

    Noob question: that’s a really old library, right? Has this issue been there for decades before someone found it, or is this vulnerability part of some newer addition to it?

    Edit: I didn’t understand the first sentence of the article so I figured I wouldn’t understand any of it – but my question is answered pretty early on:

    It’s said to have been accidentally introduced in August 2022 with the release of glibc 2.37.

    • swordsmanluke@programming.dev
      link
      fedilink
      arrow-up
      8
      ·
      11 months ago

      glibc is the library that provides basic functionality for C programs. It provides the bottom level implementation for things like opening files, requesting memory, and other OS-level stuff.

      glibc isn’t the only implementation out there. Even on Linux, there are other options, such as muslc.

      It gets updated regularly, as the C standard or operating system needs. So while it has been around for a very long time (by software standards anyway) it’s still an active and evolving piece of software. --and one that underpins many critical functions of our systems.

    • CameronDev@programming.dev
      link
      fedilink
      arrow-up
      3
      ·
      11 months ago

      Its been around a long time, but evolves with the C standard and the linux kernel. It is basically a layer between C and the kernel.