Bug#650536: [new check] test for missing hardening build flags

2011-12-13 Thread Alexander Reichle-Schmehl
[ Good god... did I really send a full quote in that mail? Sorry. ] Hi! * Alexander Reichle-Schmehl toli...@debian.org [111208 10:13]: If we can get a reliable backporter for hardening-wrapper as well, most of my concerns here are covered. On the lintian.d.o side, it means we may have to

Bug#650536: [new check] test for missing hardening build flags

2011-12-09 Thread Alexander Reichle-Schmehl
Hi! On 08.12.2011 23:40, Kees Cook wrote: Backporting concerns and output stability: == Both the FTP-masters and Lintian.d.o need everything in stable (or stable-backports). [..] Given that dpkg-buildflags won't be backported, perhaps just having

Bug#650536: [new check] test for missing hardening build flags

2011-12-09 Thread Kees Cook
On Fri, Dec 09, 2011 at 09:27:18AM +0100, Alexander Reichle-Schmehl wrote: On 08.12.2011 23:40, Kees Cook wrote: Backporting concerns and output stability: == Both the FTP-masters and Lintian.d.o need everything in stable (or stable-backports).

Bug#650536: [new check] test for missing hardening build flags

2011-12-08 Thread Alexander Reichle-Schmehl
Hi! As your fellow backporter I took a quick glance at the hardening-wrapper package, and didn't spot any problems so far (as in: I could create a backport, install it, and can still compile stuff). However, as I'm not very familiar with it, I'll ping the maintainers for their opinion. Also

Bug#650536: [new check] test for missing hardening build flags

2011-12-08 Thread Alexander Reichle-Schmehl
Hi! On 08.12.2011 10:13, Alexander Reichle-Schmehl wrote: As your fellow backporter I took a quick glance at the hardening-wrapper package, and didn't spot any problems so far (as in: I could create a backport, install it, and can still compile stuff). However, as I'm not very familiar

Bug#650536: [new check] test for missing hardening build flags

2011-12-08 Thread Niels Thykier
Package: lintian Version: 2.5.4 Followup-For: Bug #650536 Hi, I was informed (and have verified) that hardening-check uses ldd(1). Unfortunately, ldd(1) appears to be (semi-)executing the binaries it is run on[1]. This smells like a CVE in the making, so would it be possible for you to update

Bug#650536: [new check] test for missing hardening build flags

2011-12-08 Thread Jakub Wilk
* Niels Thykier ni...@thykier.net, 2011-12-08, 12:06: I was informed (and have verified) that hardening-check uses ldd(1). Unfortunately, ldd(1) appears to be (semi-)executing the binaries it is run on[1]. This smells like a CVE in the making, AFAIUI, ldd in our libc is not vulnerable to

Bug#650536: [new check] test for missing hardening build flags

2011-12-08 Thread Kees Cook
On Sat, Dec 03, 2011 at 11:20:05AM +0100, Niels Thykier wrote: On 2011-12-02 01:33, Kees Cook wrote: 1) With these build tests added, all the other internal lintian tests need to either: a) add the new warnings to their tags file, or b) have all their builds adjusted to

Bug#650536: [new check] test for missing hardening build flags

2011-12-08 Thread Kees Cook
On Thu, Dec 08, 2011 at 12:06:37PM +0100, Niels Thykier wrote: I was informed (and have verified) that hardening-check uses ldd(1). Unfortunately, ldd(1) appears to be (semi-)executing the binaries it is run on[1]. This smells like a CVE in the making, so would it be possible for you to

Bug#650536: [new check] test for missing hardening build flags

2011-12-08 Thread Kees Cook
On Thu, Dec 08, 2011 at 11:50:19AM +0100, Jakub Wilk wrote: Currently ldd is used to discover which libc the binaries are linked to, in order to read symbols from the libc library. But this won't work, even when using readelf, for foreign-architecture binaries, for the simple reason that such

Bug#650536: [new check] test for missing hardening build flags

2011-12-03 Thread Niels Thykier
On 2011-12-02 01:33, Kees Cook wrote: Hi! Hey, Kees, Jakub and I had a chat about this yesterday in #d-devel. Also, I have CC'ed Alexander due to your/his role as our backporter and as ftp team member (Alexander, you may want to fast-forward to Backporting concerns below). Attached is a