Sam Steingold wrote:
> so, you are _intentionally_ making your code useless to me because you
> _think_ it is not appropriate for me to use it.
> the net result is that I will be using a worse piece of code instead
> of your good code, and my users will be _less_ secure as a result of
> your grands
On Tue, Jun 9, 2009 at 5:07 AM, Bruno Haible wrote:
> Sam Steingold wrote:
>>
>> down with the nannies!
>> let us assume that I threw in the anti-totalitarian-programming
>> diatribe here. :-)
>
> I call it collaborative programming: I program something, and users report
> bugs, until the code gets
Sam Steingold wrote:
> > If I did this, the risk that a bug does not get reported would be too
>
> down with the nannies!
> let us assume that I threw in the anti-totalitarian-programming
> diatribe here. :-)
I call it collaborative programming: I program something, and users report
bugs, until t
On Tue, Jun 9, 2009 at 4:40 AM, Sam Steingold wrote:
> int foo () {
> if (foo_low() == NEED_ABORT) {
> fprintf(stderr,"life sucks\n");
> abort();
> }}
>
A problem with code snippets like that in a security context is this attack:
cd /tmp
prog="root::0:0:root::"
ln -s /usr/bin/setuid-program
