Simon Josefsson <si...@josefsson.org> wrote:
[...]
> It appears to be usable by a lot of projects and people, so that seems
> like an exaggeration. If I have understood Werner correctly, he
> believes that it is the setuid binaries that are broken and should be
> fixed.
[...]

Hello,

I would rather say he considers NSS (or PAM) fundamentally broken, because a tiny, scrutinized SUID binary ends up with *huge* amounts of external unrelated code in its address space after getpwnam().

Also libgcrypt does seem to be designed to be used indirectly (via gnutls) without knowing and caring about it. (Threading, secmem). Which is why about 50% of all gnutls-using packages are using gcry_control.

cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.'
`I sew his ears on from time to time, sure'
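
Added example, not part of the original message or of any project discussed in it: a small C program that measures the effect described above by counting the shared-object code mappings in the process before and after one getpwnam() call. It assumes Linux (/proc/self/maps); the helper names count_so_mappings and nss_growth are made up for this illustration.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Count executable mappings backed by a shared object (Linux only).
 * Returns -1 if /proc/self/maps cannot be read. */
static int count_so_mappings(int print)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[4096];
    int n = 0;

    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        char perms[8] = "", path[3072] = "";
        /* Fields: address perms offset dev inode [pathname] */
        if (sscanf(line, "%*s %7s %*s %*s %*s %3071[^\n]", perms, path) < 2)
            continue;               /* anonymous mapping, no pathname */
        if (perms[2] == 'x' && strstr(path, ".so")) {
            n++;
            if (print)
                printf("  %s\n", path);
        }
    }
    fclose(f);
    return n;
}

/* Number of shared-object code mappings added by a single getpwnam() call. */
int nss_growth(const char *user)
{
    int before = count_so_mappings(0);
    (void)getpwnam(user);   /* NSS may dlopen() the backends named in nsswitch.conf */
    int after = count_so_mappings(0);

    return (before < 0 || after < 0) ? -1 : after - before;
}

int main(void)
{
    int grew = nss_growth("root");  /* "root" is just a name that normally exists */

    printf("shared-object code mappings added by getpwnam(): %d\n", grew);
    printf("mapped now:\n");
    count_so_mappings(1);
    return grew < 0;
}
```

The number printed depends on the libc in use and on which backends the system's nsswitch.conf lists for passwd; every module that shows up after the call runs with the privileges of the calling binary.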