Re: Why no security support for binutils? What to do about it?

To: debian-security@lists.debian.org
Subject: Re: Why no security support for binutils? What to do about it?
From: Paul Wise <pabs@debian.org>
Date: Wed, 1 Jan 2020 13:10:04 +0000
Message-id: <[🔎] CAKTje6Gz1sMVukExN48DbmCqXKtiqePWWQORzXd1RS=cQ=topA@mail.gmail.com>
In-reply-to: <[🔎] 87sgkzib8s.fsf@mid.deneb.enyo.de>
References: <87h81h8dg2.fsf@hfph.mwn.de> <87lfqsomtg.fsf@mid.deneb.enyo.de> <[🔎] CAKTje6FZr67Wf-J5EKBwBh2egnKhqHXpQtZPkyAbG4z+6ev+dA@mail.gmail.com> <[🔎] 87sgkzib8s.fsf@mid.deneb.enyo.de>

On Wed, Jan 1, 2020 at 1:00 PM Florian Weimer wrote:

> Doesn't lintian on ftp-master use disposable VMs?

No mention of qemu/kvm in dak.git nor any qemu processes running on
ftp-master.d.o, so I don't think so.

> Some of its checks look inherently dangerous, e.g. the bash -n check for shell syntax.

What is dangerous about `bash -n`? IIRC that is supposed to not
execute shell code, but I guess you mean that the shell parsers in
Debian (bash/dash/etc) are particularly fragile? The same can probably
be said for the manual page checks and probably other parts of
lintian.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Reply to:

Follow-Ups:
- Re: Why no security support for binutils? What to do about it?
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- Re: Why no security support for binutils? What to do about it?
  - From: Paul Wise <pabs@debian.org>
- Re: Why no security support for binutils? What to do about it?
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: Why no security support for binutils? What to do about it?
Next by Date: Re: Why no security support for binutils? What to do about it?
Previous by thread: Re: Why no security support for binutils? What to do about it?
Next by thread: Re: Why no security support for binutils? What to do about it?
Index(es):
- Date
- Thread