it is immune to browser exploits like Return-to-libc attack .
You can find Musl @... http://slakfinder.org/index.php?act=sea ... e=#resultsOne Linux-based package that's not vulnerable is Google's Android mobile
operating system. It uses a glibc substitute known as Bionic and isn't susceptible...
see... https://arstechnica.com/information-tec ... ulnerable/
also... https://security.googleblog.com/2016/02 ... k.html?m=1
Source is @... https://www.musl-libc.org/releases/
Although... I addressed this issue in an earlier, thread (as "fullmoonremix")
I have since found, another way to enable musl libc as a glibc drop-in.
Renaming /usr/lib64/musl/ld-musl-x86_64.so.1 to ldd and copying it to
/user/bin to overwrite the original ldd is the initial way to deprecate glibc.
However... ld-musl-x86_64.so.1 is actually a symlink to /usr/lib64/musl/libc.so.1
That means you can send libc.so.1 to a /root/Desktop symlink rename
it ldd and then copy it to /usr/bin to overwrite the original ldd.
I use this tactic with my Porteus default menu by creating 2 modules
named 04-default.xzm (Musl) and 09-default.xzm (w/ the "new" ldd).
You can actually use 1 module but I like to keep modifications separate.
Then in porteus.cfg... I rename the 1st menu entry "Userland" and the 2nd entry "Toolchain".
Then I use the identical cheatcodes only changing the 2nd entry to include... noload=default.
@ boot when I want to develope I select "Toolchain" (glibc )
and for everything else (that plays nice w/ Musl ) "Userland".
I made this thread while booted into (and protected by)
Musl which also runs in my Kasda ( OpenWrt ) wifi router.
Please Note: One should (if possible) make remastered module
changes in /root/Desktop to avoid breaking module symlinks.
It's been a while since I've reached out to src2pkg's creator but since
musl libc breaks src2pkg's "setup" perhaps he knows a workaround.
Or maybe the solution lies in /usr/bin/musl-gcc?
More to come...