https://bugzilla.mindrot.org/show_bug.cgi?id=3478
--- Comment #3 from Darren Tucker <[email protected]> --- (In reply to Colin Watson from comment #2) > (In reply to Darren Tucker from comment #1) > > [...]security vulnerabilities > > I don't think this is _not_ an issue, and I agree it requires care - > that's why I included the umask case - but I think we have more > problems the other way round. Those fail closed and are (eventually) reported and fixed. The alternative fails open and risks becoming an exploit. > > [fixing it in glibc] > > Sure, but there seems little appetite to do this with > actually-existing Linux and glibc (I certainly don't have time for > that sort of multi-year project), so where does that leave us? > Tracking syscall minutiae forever doesn't seem appealing. I don't have a good answer for that. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
