Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 14 Jun 2014 13:11:43 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Binaries compiled with musl (1.1.2) are vulnerable to an
 ancient ldd exploit

On Sat, Jun 14, 2014 at 06:42:56PM +0200, Szabolcs Nagy wrote:
> * Steven Honeyman <stevenhoneyman@...il.com> [2014-06-14 17:27:33 +0100]:
> > 
> > If that libc-alpha commit makes it through (eventually!) then agreed,
> > this is no longer an issue.
> > 
> 
> i dont see how this is an issue
> 
> it is simply not the responsibility of musl to fix or
> work around such bugs in other projects even if it were
> dangerous

Indeed, I see the request to "fix" this on musl's side as a request
for something that falls midway between security-through-obscurity and
DRM. It's not musl's responsibility to make it difficult to write
malicious programs any more than it's the compiler's responsibility to
do so, and of couse since musl is open source, it's not even possible
to actually prevent users from doing so.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.