The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Buffer overruns etc.

Folks,

as the recent ld.so thing shows, we have too many buffer overruns
in our code.  I think it's time to really start looking into this
kind of problem seriously.

I propose that we form a group which goes through all security-relevant
source code with a fine comb, looks for possible weaknesses, and then
takes appropriate action.  Could somebody please create an appropriate
mailing list, and subscribe me?

There are three classes of software which need looking into:

a) suid programs, which a malicious user may use to gain privileges

b) programs which interface with an untrusted environment, e.g.
   networking software.

c) Programs which, when run by user foo, may grant user bar foo's
   privileges.

Appropriate action would usually be a bug report filed against the
package, notification of the upstream author, or a posting to
linux-security.
-- 
Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .