Gentoo Archives: gentoo-security

From: Pavel Labushev <p.labushev@×××××.com>
To: gentoo-security@l.g.o, gentoo-hardened@l.g.o
Subject: Re: [gentoo-security] #342619 RESOLVED WONTFIX
Date: Thu, 28 Oct 2010 02:08:28
Message-Id: 4CC8CE72.7000607@gmail.com
In Reply to: Re: [gentoo-security] #342619 RESOLVED WONTFIX by Mateusz Arkadiusz Mierzwinski
> eruption or something else. Now collection is expanded to patches that > will not be mainstreamed :> This is GOOD PRACTICE :). Thinking about
Another distros do include patches for glibc not accepted by mainstream. In this particular case the patch is pretty trivial. And how many users actually need those LD_* vars to be handled for setuid/setgid binaries? My bet it's less than 1% of them, and even less than 0.1% of Hardened users. And what's the problem with including the patch only for glibc[hardened] and/or glibc[-debug]? I guess that's what at least Hardened users want: to proactively secure their system, even at the expense of some debugging facilities (PIE vs <gdb-7.1 as an example). To reject the patch without any explaination was one man's decision I do not agree personally, especially after Gentoo security team failed to fix the recent glibc vulns in a timely manner. On another point, if some users want this particular patch to be included, they should speak for themselves. By now I don't see much interest even among #gentoo-hardened people.