Re: Why no security support for binutils? What to do about it?

To: Daniel Reichelt <debian@nachtgeist.net>
Cc: debian-security@lists.debian.org
Subject: Re: Why no security support for binutils? What to do about it?
From: Florian Weimer <fw@deneb.enyo.de>
Date: Wed, 01 Jan 2020 14:15:56 +0100
Message-id: <[🔎] 87lfqriagj.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] f5d21b09-6e85-fdd8-43cf-532372501b1b@nachtgeist.net> (Daniel Reichelt's message of "Wed, 1 Jan 2020 14:06:00 +0100")
References: <87h81h8dg2.fsf@hfph.mwn.de> <87lfqsomtg.fsf@mid.deneb.enyo.de> <[🔎] CAKTje6FZr67Wf-J5EKBwBh2egnKhqHXpQtZPkyAbG4z+6ev+dA@mail.gmail.com> <[🔎] 87sgkzib8s.fsf@mid.deneb.enyo.de> <[🔎] f5d21b09-6e85-fdd8-43cf-532372501b1b@nachtgeist.net>

* Daniel Reichelt:

>> Some of its checks look inherently dangerous, e.g. the bash -n
>> check for shell syntax.
>
> Why would bash -n be dangerous?

In the past, the bash parser was not very successful at inhibiting
command execution.  I doubt that this has changed, although some
corner cases have been fixed.

Reply to:

References:
- Re: Why no security support for binutils? What to do about it?
  - From: Paul Wise <pabs@debian.org>
- Re: Why no security support for binutils? What to do about it?
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: Why no security support for binutils? What to do about it?
  - From: Daniel Reichelt <debian@nachtgeist.net>

Prev by Date: Re: Why no security support for binutils? What to do about it?
Next by Date: Re: Why no security support for binutils? What to do about it?
Previous by thread: Re: Why no security support for binutils? What to do about it?
Next by thread: Bug#948634: debian-security-support: please elaborate on binutils' status
Index(es):
- Date
- Thread