This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Policy for posting security bug reports?


On 06/24/2012 12:10 AM, Mike Frysinger wrote:

perhaps, but the point still stands -- it is fairly trivial to make binutils/gcc crash in pretty much every release, and neither project today cares about treating security bugs specially.
I'd say that the GCC & binutils projects absolutely care about security issues. There's simply not many of them for those projects to deal with.

i imagine there are plenty of other flags to do fun things like this since
there are compiler, preprocessor, and assembler flags to choose from.  i don't
think distcc runs the linker in parallel, otherwise that'd open up even more
stuff.
This is really outside the GCC/binutils area. These are really a problem with how sites configure distcc. Obviously distccd will run with whatever user privs it's configured for.

Suggesting GCC is responsible or can somehow compensate for a poorly configured user access privileges is absurd.

jeff



Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]