It should be sufficient to show that code linked against glibc doesn't call gethostbyname() or gethostbyname2(). A simple source grep would be enough for that. I'm willing to bet that neither libpcsc, libccid, nor pcscd do so, since none of them manage sockets (to my knowledge). -- T -----Original Message----- From: smartcardservices-users-bounces@lists.macosforge.org [mailto:smartcardservices-users-bounces@lists.macosforge.org] On Behalf Of Lamb, John (NIH/NCI) [C] Sent: Wednesday, January 28, 2015 11:32 AM To: Ludovic Rousseau Cc: SmartCard Services-Users Subject: Re: [SmartcardServices-Users] Smartcard Services and glibc Dr. Rousseau, Yeah, just making my security team happy. John Lamb (Contractor) SRA International National Cancer Institute Center for Biomedical Informatics and Information Technology 9609 Medical Center Drive Rockville, MD 20850 lambje2@mail.nih.gov <http://lambje2@mail.nih.gov> On 1/28/15, 12:30 PM, "Ludovic Rousseau" <ludovic.rousseau@gmail.com> wrote:
2015-01-28 18:16 GMT+01:00 Lamb, John (NIH/NCI) [C] <john.lamb2@nih.gov>:
Shawn & Ludovic,
Hello,
I was just wondering if smart card services, due to its relationship to muscle-card on linux, is compiled against glibc. If so, which version? If not, awesome!
I guess you are thinking about CVE-2015-0235. Exact?
Bye
-- Dr. Ludovic Rousseau
SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/smartcardservices-users