This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Policy for posting security bug reports?

From: Mike Frysinger <vapier at gentoo dot org>
To: Florian Weimer <fw at deneb dot enyo dot de>
Cc: libc-alpha at sourceware dot org,Petr Baudis <pasky at ucw dot cz>,Rich Felker <dalias at aerifal dot cx>
Date: Wed, 27 Jun 2012 22:20:47 -0400
Subject: Re: Policy for posting security bug reports?
References: <20120623010836.GA2651@brightrain.aerifal.cx> <201206231831.18441.vapier@gentoo.org> <87395juxay.fsf@mid.deneb.enyo.de>

On Monday 25 June 2012 13:16:21 Florian Weimer wrote:
> * Mike Frysinger:
> > gcc & binutils pretty explicitly don't have security paths.
> 
> The generated object code could have security vulnerabilities not
> present in the source code, or its properties could make security
> hardening features ineffective.

true, but that rarely comes up and when it does, they haven't done anything 
special (afaik).  bugs go to bugzilla, and they get triaged/fixed like other 
bugs.
-mike

Attachment: signature.asc
Description: This is a digitally signed message part.

References:
- Policy for posting security bug reports?
  - From: Rich Felker
- Re: Policy for posting security bug reports?
  - From: Mike Frysinger
- Re: Policy for posting security bug reports?
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]