List Archive: gentoo-security
Headers:
To: gentoo-security@g.o
From: Kfir Lavi <lavi.kfir@...>
Subject: Re: #342619 RESOLVED WONTFIX
Date: Thu, 28 Oct 2010 13:05:03 +0200
2010/10/28 Mateusz Arkadiusz Mierzwinski <mateuszmierzwinski@...>

> 2010/10/28 Pavel Labushev <p.labushev@...>
>
> > > I didn't test that patch; even if it's incorrect, bugreport is not about
> > > a patch. It's about a security issue.
> >
> > Well, the bug report is about the patch. There's another bug about the
> > issues with LD_AUDIT: https://bugs.gentoo.org/show_bug.cgi?id=341755
>
> "The beat goes on! Nothing's wrong!...". Tell me - If app have bug - like "calc" ;) app in KDE - who uses it? Developers will not patch app because it's less than 1% users that use it in KDE? I don't think so. Even if it's lower priority patch I think it should be included in mainstream. It's like buying a car, that closes by remote but 1% of users will still use key for central lock - ups! None included? Service: "Sorry! That's not mainstream ;). You must install it by Yourself"  :].
>
> > > This proof-of-concept exploit still works in gentoo (amd64 stable at least,
> > > even hardened!), because some dangerous variables are not filtered out.
> >
> > It still works because glibc-2.11.2-r2 with the fix is still keyworded
> > (yeah, epic fail goes on).
>
> Let's keyword everything, push "da blocks, man!" on every package and this will be most secured distro :>. Great Job! :)
>
> I think, that Gentoo Devs forget about something more important in today's world - USABILITY. The "normal" user without "extra abilities" will not Patch anything because he doesn't even know what PATCH is. Developers have those users TOO on Gentoo. This is strength of Mandriva, Debian-like distros (Ubuntu line specially). Users click and software works, it upgrades and if bug is get the patch is downloaded with latest update. Tell mister "Marian" from accounting that he must PATCH something. I like that kind of face look of that people after saying that Junk -> :] "Yeah! Sure... What icon should I press in My "K" Menu?".

LOL, I would like to know "Marian" in person and his habits of upgrading OOcalc.
I wonder how he edits his /etc/make.conf, hehe, with windows edit?! :-P
Seriously, Gentoo is a system for "Marian" if and only if his friend "SuperUser" keeps his system running.
And by the same token, go to your next desk friend who is a computer scientist and ask him to install gentoo. (GENGOO WHAT???!!! SOUNDS LIKE A GOOD BUNGEE CORD ;-)
Gentoo is for us, not for them...

> Devs should include patches in mainstream even if it's less prior patch. Why? Because it takes about 2-10 (knowledge level) minutes extra and drops discussions like this one. 10 Minutes extra VS silence - I think it's fair :).
>
> --
> Mateusz Mierzwiński
>
> Bluebox Software [PL]
> Neural Networks, Artificial Perception and Artificial Intelligence projects coordinator

References:
#342619 RESOLVED WONTFIX
-- dev-random
Re: #342619 RESOLVED WONTFIX
-- Kirktis
Re: #342619 RESOLVED WONTFIX
-- Volker Armin Hemmann
Re: #342619 RESOLVED WONTFIX
-- dev-random
Re: #342619 RESOLVED WONTFIX
-- Pavel Labushev
Re: #342619 RESOLVED WONTFIX
-- Mateusz Arkadiusz Mierzwinski


Updated May 10, 2012

Summary: Archive of the gentoo-security mailing list.