[Discuss] Ubuntu 22.04 apt-get problem
Peter Willis
p.willis at telus.net
Fri Mar 31 16:02:52 PDT 2023
I was thinking about this.
How did you install 'notepadqq' originally?
Was that from the ubuntu packages or from a non-distribution package?
If that install for that changes your libc6 you should not use it.
No external non-distribution package should randomly install replacement binary packages into the opertional system on it's own behalf.
That's a security problem.
Suppose I make myself a notpadZZ package and then reprogram part of libc6 to have a back door for my own nefarious purposes.
I add that libc6 to my DEB and then anyone who installs it then has my version of libc6 running on thier system.
Theoretically, any other executables on the system that previously relied on libc6 will now be running my back door code.
I then just need to pick the right application to enact the back door indirectly. Like a web browser or web server that are already being used.
It may be a good idea to either build your notepad application from source or not use it if there is no proper distribution package for it.
There are other options for editors. Even Microsoft VSCode is available for ubuntu.
I can highly recommend 'Kate' (KDE) . Works great, has code highlighting and color schemes.
> On Mar 31, 2023, at 00:08, bctill <bctill at ece.uvic.ca> wrote:
>
> Hi Znoteer --
>
> A few days ago Peter Willis suggested downgrading libc6. I was reluctant to do so, because I thought it must be there for a reason. Well, I couldn't think of anything else to try, so finally, in desperation, I held my nose and ran
>
> $ sudo apt install libc6=2.35-0ubuntu3 libc-bin=2.35-0ubuntu3
>
> and... it worked. After that,
>
> $ sudo apt install g++
>
> succeeded. HOWEVER: notepadqq NO LONGER WORKS.
>
> I have no idea what else I broke by downgrading libc6 and libc-bin... how do I find out?
>
> Regards,
> -- Bernie.
More information about the Discuss
mailing list