Re: Reporting 1.2K crashes

To: debian-devel@lists.debian.org
Subject: Re: Reporting 1.2K crashes
From: Russ Allbery <rra@debian.org>
Date: Tue, 25 Jun 2013 11:46:04 -0700
Message-id: <[🔎] 87vc52m3kj.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] E1UrVK2-0000qf-Te@swivel.zugschlus.de> (Marc Haber's message of "Tue, 25 Jun 2013 17:38:22 +0200")
References: <[🔎] CAF1AS2itHonB5KTnqNnX5xat4Bh7ytr0dG2txX6BSKzboVSMzA@mail.gmail.com> <[🔎] E1UrVK2-0000qf-Te@swivel.zugschlus.de>

Marc Haber <mh+debian-devel@zugschlus.de> writes:

> Will you also check Debian unstable? It is much easier to have a package
> in unstable fixed, and I suspect that not every crash you find will be a
> security relevant one.

I suspect most of them won't be, actually, or at least will be difficult
to exploit.  A lot of command-line binaries that are only ever run by a
regular user aren't particularly well-hardened against things like corrupt
configuration files or weird command-line options, but usually those
problems aren't really exploitable except under very artificial
situations.

Still, it's a robustness bug and I'm very happy to see them reported and
fixed.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: Reporting 1.2K crashes
  - From: Marc Haber <mh+debian-devel@zugschlus.de>

References:
- Reporting 1.2K crashes
  - From: Alexandre Rebert <alexandre.rebert@gmail.com>
- Re: Reporting 1.2K crashes
  - From: Marc Haber <mh+debian-devel@zugschlus.de>

Prev by Date: Re: download of source packages alarmed clamav
Next by Date: Re: Reporting 1.2K crashes
Previous by thread: Re: Reporting 1.2K crashes
Next by thread: Re: Reporting 1.2K crashes
Index(es):
- Date
- Thread