1 |
It is a good candidate to become a conditional patch for hardened. |
2 |
|
3 |
Dw. |
4 |
-- |
5 |
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962 |
6 |
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962 |
7 |
|
8 |
2010.November 3.(Sze) 19:09 időpontban Ed W ezt írta: |
9 |
> On 28/10/2010 02:14, Pavel Labushev wrote: |
10 |
>>> eruption or something else. Now collection is expanded to patches that |
11 |
>>> will not be mainstreamed :> This is GOOD PRACTICE :). Thinking about |
12 |
>> Another distros do include patches for glibc not accepted by mainstream. |
13 |
>> |
14 |
>> In this particular case the patch is pretty trivial. And how many users |
15 |
>> actually need those LD_* vars to be handled for setuid/setgid binaries? |
16 |
>> My bet it's less than 1% of them, and even less than 0.1% of Hardened |
17 |
>> users. |
18 |
>> |
19 |
>> And what's the problem with including the patch only for glibc[hardened] |
20 |
>> and/or glibc[-debug]? I guess that's what at least Hardened users want: |
21 |
>> to proactively secure their system, even at the expense of some |
22 |
>> debugging facilities (PIE vs<gdb-7.1 as an example). |
23 |
>> |
24 |
>> To reject the patch without any explaination was one man's decision I do |
25 |
>> not agree personally, especially after Gentoo security team failed to |
26 |
>> fix the recent glibc vulns in a timely manner. |
27 |
>> |
28 |
>> On another point, if some users want this particular patch to be |
29 |
>> included, they should speak for themselves. By now I don't see much |
30 |
>> interest even among #gentoo-hardened people. |
31 |
>> |
32 |
> |
33 |
> I don't understand why upstream are against taking this patch? Can you |
34 |
> expand? |
35 |
> |
36 |
> Your argument seems compelling - I just don't understand why there is |
37 |
> any resistance? |
38 |
> |
39 |
> Cheers |
40 |
> |
41 |
> Ed W |
42 |
> |