Slashdot Mirror


Magnitude of glibc Vulnerability Coming To Light (threatpost.com)

msm1267 writes: The glibc vulnerability disclosed this week has some experts on edge because of how DNS can be leveraged in exploits. Dan Kaminsky said that while man-in-the-middle attacks are one vector, it would appear that it's also possible to exploit the bug and attack most Linux servers via DNS caching-only servers. 'This would be substantially worse if it went through the caching ecosystem; 99 percent of attack vectors go through that system,' Kaminsky said. Glibc, or the GNU C library, is used by most flavors of Linux and also a number of popular web services and frameworks, giving attacks potentially massive horizontal scale. The major Linux distros have patched and pushed updates to servers; source code is also available for homegrown Linux builds.

1 of 139 comments

  1. Re:strlcpy() isn't good enough for glibc. by bluefoxlucid · Score: -1, Troll

    Ulrich Drepper is an idiot. So is Theo da Rat. They're like rednecks who can fix absolutely any automobile you bring them, but are too stupid to think beyond the end of a wrench; these rednecks just know how to write C.