Re: Hardening patch

To: debian-dpkg@lists.debian.org, kees@debian.org
Subject: Re: Hardening patch
From: Raphael Hertzog <hertzog@debian.org>
Date: Wed, 21 Sep 2011 09:08:12 +0200
Message-id: <[🔎] 20110921070812.GO4183@rivendell.home.ouaza.com>
Mail-followup-to: debian-dpkg@lists.debian.org, kees@debian.org
In-reply-to: <[🔎] 20110920023705.GA19369@gaara.hadrons.org>
References: <[🔎] 20110907041806.GA9520@gaara.hadrons.org> <[🔎] 20110907061300.GG8764@rivendell.home.ouaza.com> <[🔎] 20110907095519.GA1250@rivendell.home.ouaza.com> <[🔎] 20110907203713.GA1768@gaara.hadrons.org> <[🔎] 20110908065950.GK13613@rivendell.home.ouaza.com> <[🔎] 20110911022118.GA2408@gaara.hadrons.org> <[🔎] 20110911061942.GB9020@rivendell.home.ouaza.com> <[🔎] 20110913055641.GC8690@gaara.hadrons.org> <[🔎] 20110913065117.GP13263@rivendell.home.ouaza.com> <[🔎] 20110920023705.GA19369@gaara.hadrons.org>

On Tue, 20 Sep 2011, Guillem Jover wrote:
> I took the commit out from my push because this was still under
> discussion, that does not mean I've changed my mind though and I
> still do not really feel comfortable uploading a dpkg defaulting
> to bind now.
[...]
> I've written some of this in some previous mail, but I'll repeat. This
> can have real impact on performance, it potentially affects the whole
> archive (once it all switches to using dpkg-buildflags), and even on
> overally fast archiectures it might still affect a range of its slow
> systems, once bind now is set on an object (via DF_1_NOW, DF_BIND_NOW
> or DT_BIND_NOW) it cannot be disabled by neither of dlopen(RTLD_LAZY)
> nor environment variables, it's trading an optimization with a security
> measure.

Ok, you have convinced me. Please put your commit back and change the
default to disabled.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Follow my Debian News ▶ http://RaphaelHertzog.com (English)
                      ▶ http://RaphaelHertzog.fr (Français)

Reply to:

References:
- Next upload 2011-09-11 (dpkg 1.16.1)
  - From: Guillem Jover <guillem@debian.org>
- Re: Next upload 2011-09-11 (dpkg 1.16.1)
  - From: Raphael Hertzog <hertzog@debian.org>
- Hardening patch
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: Hardening patch
  - From: Guillem Jover <guillem@debian.org>
- Re: Hardening patch
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: Hardening patch
  - From: Guillem Jover <guillem@debian.org>
- Re: Hardening patch
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: Hardening patch
  - From: Guillem Jover <guillem@debian.org>
- Re: Hardening patch
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: Hardening patch
  - From: Guillem Jover <guillem@debian.org>

Prev by Date: Re: Some upcoming dpkg changes, test and feedback welcome
Next by Date: Re: Some upcoming dpkg changes, test and feedback welcome
Previous by thread: Re: Hardening patch
Next by thread: Proposal for a "Bits from dpkg developers"
Index(es):
- Date
- Thread