Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o, gentoo-hardened@g.o
From: Pavel Labushev <p.labushev@...>
Subject: Re: #342619 RESOLVED WONTFIX
Date: Thu, 28 Oct 2010 09:14:26 +0800
> eruption or something else. Now collection is expanded to patches that
> will not be mainstreamed :> This is GOOD PRACTICE :). Thinking about

Another distros do include patches for glibc not accepted by mainstream.

In this particular case the patch is pretty trivial. And how many users
actually need those LD_* vars to be handled for setuid/setgid binaries?
My bet it's less than 1% of them, and even less than 0.1% of Hardened users.

And what's the problem with including the patch only for glibc[hardened]
and/or glibc[-debug]? I guess that's what at least Hardened users want:
to proactively secure their system, even at the expense of some
debugging facilities (PIE vs <gdb-7.1 as an example).

To reject the patch without any explaination was one man's decision I do
not agree personally, especially after Gentoo security team failed to
fix the recent glibc vulns in a timely manner.

On another point, if some users want this particular patch to be
included, they should speak for themselves. By now I don't see much
interest even among #gentoo-hardened people.


References:
#342619 RESOLVED WONTFIX
-- dev-random
Re: #342619 RESOLVED WONTFIX
-- Kirktis
Re: #342619 RESOLVED WONTFIX
-- Volker Armin Hemmann
Re: #342619 RESOLVED WONTFIX
-- Mateusz Arkadiusz Mierzwinski
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: #342619 RESOLVED WONTFIX
Next by thread:
Re: #342619 RESOLVED WONTFIX
Previous by date:
Re: #342619 RESOLVED WONTFIX
Next by date:
Re: #342619 RESOLVED WONTFIX


Updated Oct 31, 2011

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.