Although the vulnerability targets Linux, I have read that it is really a glibc vulnerability, and some sites suggest that one should install a fix on any platform. I know that there are a lot of packages out there that let you install glibc software on a Mac (such as homebrew, port, etc.) but I am not sure if a stock OS X install uses glibc.
I tried compiling the GHOST.c program given in the vulnerability notification, but get the following error:
$ gcc -o GHOST GHOST.c
Undefined symbols for architecture x86_64:
"_gethostbyname_r", referenced from:
_main in ccwPC2Tn.o
ld: symbol(s) not found for architecture x86_64
collect2: ld returned 1 exit status
But this doesn't make me feel much better, because I'm pretty sure there are other compilers besides gcc - in fact I don't think XCode even uses gcc any more. (Update: on closer inspection, it appears that gcc is a synonym for clang.) Perhaps the bug is still there but the function has been renamed?
So what can/should a Mac user do to determine if his or her system is affected, and if it is, how can it be fixed, given that the vulnerability may or may not be in binaries supplied by Apple?
Aucun commentaire:
Enregistrer un commentaire