Re: Reducing the attack surface caused by Berkeley DB...

To: Lionel Debroux <lionel_debroux@yahoo.fr>
Cc: debian-devel@lists.debian.org
Subject: Re: Reducing the attack surface caused by Berkeley DB...
From: md@Linux.IT (Marco d'Itri)
Date: Fri, 26 Jan 2018 01:46:40 +0100
Message-id: <[🔎] 20180126004640.GA11478@bongo.bofh.it>
Mail-followup-to: Lionel Debroux <lionel_debroux@yahoo.fr>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20bd977f-1d31-cc17-358d-98d150098fbe@yahoo.fr>
References: <[🔎] 20bd977f-1d31-cc17-358d-98d150098fbe@yahoo.fr>

On Jan 25, Lionel Debroux <lionel_debroux@yahoo.fr> wrote:

> Several days ago, jmm from the security team suggested that I start a
> discussion on debian-devel about Berkeley DB, which has known security
> issues, because doing so may enable finding a consensus on how to move
Can you clarify the threat model?
E.g. is libdb attackable by user-supplied data from the program using it 
or do attacks require write access to the db files?

-- 
ciao,
Marco

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Reducing the attack surface caused by Berkeley DB...
  - From: Lionel Debroux <lionel_debroux@yahoo.fr>

References:
- Reducing the attack surface caused by Berkeley DB...
  - From: Lionel Debroux <lionel_debroux@yahoo.fr>

Prev by Date: Work-needing packages report for Jan 26, 2018
Next by Date: Bug#888475: ITP: node-node-fetch-npm -- A light-weight module that brings window.fetch to Node.js
Previous by thread: Re: Reducing the attack surface caused by Berkeley DB...
Next by thread: Re: Reducing the attack surface caused by Berkeley DB...
Index(es):
- Date
- Thread