On 12/06/2013 10:43 AM, Reindl Harald wrote:

On 06.12.2013 10:37, Ralf Corsepius wrote:
IMO, -Wformat-security is almost negligible in comparison to these and you
are making way more noise about it than it deserves.

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=format+string [*]

Yeah, a vulnerability - So what?

I'd guess the number and severity of vulnerabilities caused by TmpOnTmpfs

how should TmpOnTmpfs cause a vulnerability?
the opposite is true

TmpOnTmpfs is magnitudes smaller than a traditional /tmp on /.

This causes programs/packages which are assuming an "almost infinitely sized /tmp" to easily fill up a small /tmp, and thus the system to choke.

2 real-world examples I've encountered with Fedora 18 and 19:
* https://bugzilla.redhat.com/show_bug.cgi?id=971878
This one usually kills an individual's system.

* https://bugzilla.redhat.com/show_bug.cgi?id=1006658
This one means using "convert" on a webserver allows arbitrary users on the web to kill servers.

Ralf

