Date: Wed, 18 May 2011 21:28:17 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: Multiple libraries privilege checking

On Wed, May 18, 2011 at 06:53:23PM +0200, yersinia wrote:
> It happens that I am, with another name, an rpm5/popt comaintainer. I am very
> interested to integrate these patches, being also a security
> professional. Very

<offtopic>
We have many more rpm patches here:

http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/rpm/

These are against rpm-4.2 and most of them are non-security, but they
were required to make rpm usable for us. For example, when a package is
rebuilt with some changes but without Epoch/Version/Release change, and
the old build contains some files that are not in the new build, and the
package is upgraded on a system (such as with "-U --force"), the
original rpm would leave orphaned files around on the system (security
relevance: even SUID/SGID program binaries). Ours removes those files.

You could want to take a look at our patches and see if any are still
relevant to rpm5.
</offtopic>

> useful to follow this mailing list, but I am not part of a distro, at least
> for now, and I can no longer follow it in the future due to the recent
> policy change. Thanks anyway.

Huh? There's no policy change. Are you possibly misinterpreting the
"Closed list" thread as applying to the oss-security list? It does not.
The closed list is an alternative to the old vendor-sec and to the CC
lists that started to appear in the month without vendor-sec. It is not
an alternative to oss-security. In fact, with the new closed list being
more limited than the old vendor-sec was, I expect more topics to be
discussed on oss-security than there were when vendor-sec was around.

Thanks,

Alexander