
Bug#816436: glibc hardening patch



control: severity -1 wishlist
control: tag -1 + moreinfo
control: tag -1 + security

On 2016-03-01 20:13, bancfc@openmailbox.org wrote:
> Package: glibc
> Version: 2.21-9
> Severity: high
> 
> Hi. After the recent glibc debacle I came across a patch to harden this
> important library against common attack vectors. Please think about

There might be a good idea behind this patch, but the recent GLIBC DNS
security issue is not really a good argument for it, as the patch wouldn't
have changed anything there.

> reviewing and adding in Debian. The author warned there may be some package
> breakage but nothing too serious:
> 
> http://seclists.org/oss-sec/2015/q1/604

If breakages are to be expected, you can't say they are "not too
serious". Breaking working applications, especially on production
systems, is something serious. Breaking other Debian packages
is something serious. At the very *minimum* such a patch should come
with an audit of all Debian packages in the archive to determine which
ones might break so that they can be fixed first.

Also, as said on the above mailing list, the best approach is to discuss
this patch upstream on the libc-alpha mailing list, so that we can come
up with a common solution that will be available for all distributions. To
the best of my knowledge this has still not been done. The oss-security
list and this bug report are not the place for such a discussion, unless of
course such a patch has been rejected upstream.

Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net
