This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: Policy for posting security bug reports?


On Monday 25 June 2012 11:37:44 Jeff Law wrote:
> On 06/24/2012 12:10 AM, Mike Frysinger wrote:
> > perhaps, but the point still stands -- it is fairly trivial to make
> > binutils/gcc crash in pretty much every release, and neither project
> > today cares about treating security bugs specially.
> 
> I'd say that the GCC & binutils projects absolutely care about security
> issues.  There's simply not many of them for those projects to deal with.

i didn't say they don't care about security bugs.  just that they don't care 
to jump through the hoops that other projects do related to disclosure over a 
private channel, coordinating fixes, and releasing simultaneously.  a bug is a 
bug regardless of the security implication.

> > i imagine there are plenty of other flags to do fun things like this
> > since there are compiler, preprocessor, and assembler flags to choose
> > from.  i don't think distcc runs the linker in parallel, otherwise
> > that'd open up even more stuff.
> 
> This is really outside the GCC/binutils area.  These are really a
> problem with how sites configure distcc.  Obviously distccd will run
> with whatever user privs it's configured for.
> 
> Suggesting GCC is responsible or can somehow compensate for poorly
> configured user access privileges is absurd.

to be clear, i didn't suggest that anywhere.
-mike


