monero-project / unbound

Local mirror of unbound for use in the Monero Project
BSD 3-Clause "New" or "Revised" License

Remove glob to preserve binary back compatibility #12

Closed TheCharlatan closed 5 years ago

TheCharlatan commented 5 years ago

Glob links with GNU libc version 2.27 if compiled on a modern system. This is due to the vulnerabilities found in its libc implementation, particularly CVE-2017-15670-1. This could lead to a buffer overflow if a ~ operator is used. Since glob is not directly used by monero, removing support for it seems to be the simplest way to deal with this in order to preserve binary compatibility across a range of Linux distributions. Together with the back compatibility code for monero this should set the required libc version at 2.17. Please see discussion and comments on https://github.com/monero-project/monero/pull/4929 before merging.
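
A way to check the libc floor described in the comment above, as an added example that is not part of the original pull request or the project's code: it reads `objdump -T` output and lists imported symbols whose glibc symbol version is newer than a given floor. The function names and the sample symbol table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report undefined (imported) dynamic symbols that need a
# glibc symbol version newer than a floor such as 2.17.
# Real use: objdump -T ./some-binary | glibc_over_floor 2.17

glibc_over_floor() {
    floor="$1"
    awk -v floor="$floor" '
    # Return 1 when dotted version a is newer than b (numeric, per component).
    function newer(a, b,    x, y, n, m, i, p, q) {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            p = (i <= n) ? x[i] + 0 : 0
            q = (i <= m) ? y[i] + 0 : 0
            if (p != q) return p > q
        }
        return 0
    }
    # Only imported symbols matter; defined ones carry no libc requirement.
    /\*UND\*/ {
        for (i = 1; i <= NF; i++) {
            v = $i
            gsub(/[()]/, "", v)          # some binutils print "(GLIBC_x.y)"
            if (v ~ /^GLIBC_[0-9.]+$/) {
                sub(/^GLIBC_/, "", v)
                if (newer(v, floor)) print $NF, v
            }
        }
    }'
}

# Constructed sample in the shape of `objdump -T` output (not from a real build).
sample_dynsyms() {
    cat <<'EOF'
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 memcpy
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.27) glob
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.17  clock_gettime
0000000000001139 g    DF .text  0000000000000016  Base        main
EOF
}

# Prints the one symbol in the sample that breaks a 2.17 floor: glob 2.27
sample_dynsyms | glibc_over_floor 2.17
```

An empty result means no imported symbol in the input needs a glibc newer than the floor.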