List Archive: gentoo-security
Headers:
To: gentoo-security@g.o
From: Mateusz Arkadiusz Mierzwinski <mateuszmierzwinski@...>
Subject: Re: #342619 RESOLVED WONTFIX
Date: Thu, 28 Oct 2010 11:50:46 +0200
2010/10/28 Pavel Labushev <p.labushev@...>:

> > I didn't test that patch; even if it's incorrect, bugreport is not about
> > a patch. It's about a security issue.
>
> Well, the bug report is about the patch. There's another bug about the
> issues with LD_AUDIT: https://bugs.gentoo.org/show_bug.cgi?id=341755

"The beat goes on! Nothing's wrong!...". Tell me - if an app has a bug - like the "calc" ;) app in KDE - who uses it? Developers will not patch the app because it's less than 1% of users that use it in KDE? I don't think so. Even if it's a lower priority patch, I think it should be included in mainstream. It's like buying a car that closes by remote, but 1% of users will still use a key for the central lock - oops! None included? Service: "Sorry! That's not mainstream ;). You must install it by yourself" :].

> > This proof-of-concept exploit still works in gentoo (amd64 stable at least,
> > even hardened!), because some dangerous variables are not filtered out.
>
> It still works because glibc-2.11.2-r2 with the fix is still keyworded
> (yeah, epic fail goes on).

Let's keyword everything, push "da blocks, man!" on every package and this will be the most secured distro :>. Great job! :)

I think that Gentoo devs forget about something more important in today's world - USABILITY. The "normal" user without "extra abilities" will not patch anything because he doesn't even know what a PATCH is. Developers have those users on Gentoo TOO. This is the strength of Mandriva and Debian-like distros (the Ubuntu line especially). Users click and software works, it upgrades, and if there is a bug, the patch is downloaded with the latest update. Tell mister "Marian" from accounting that he must PATCH something. I like the look on those people's faces after saying that junk -> :] "Yeah! Sure... What icon should I press in my "K" menu?".

Devs should include patches in mainstream even if it's a lower priority patch. Why? Because it takes about 2-10 (knowledge level) minutes extra and drops discussions like this one. 10 minutes extra VS silence - I think it's fair :).

-- 
Mateusz Mierzwiński

Bluebox Software [PL]
Neural Networks, Artificial Perception and Artificial Intelligence projects coordinator


Updated May 10, 2012

Summary: Archive of the gentoo-security mailing list.
