This is the mail archive of the mailing list for the GCC project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: 3.2 PATCH: Ada parallel bootstrap fixes

    So prove me wrong, please.  So far, I've seen nothing in this

In normal usage, a "security problem" refers to a bug in a program that will
enable somebody to use that program to gain access to which they are not
entitled.  This can only happen if the program in question has some
special access, such as being setUID to root or running as root as a daemon.

By this definition, a problem in a *library* cannot be a "security
problem" by itself.  You have to have two conditions met for it to
become a security problem:

(1) A program using that library is run setUID root or as a daemon.
(2) The program has to be written in such a way that the potential
    buffer overflow in the library routine results in being able to give
    its higher access to an intruder.

Only a very small handful of programmers ever write programs that meet #1
above and Ada is rarely used for them (I'm not saying we want to discourage
Ada from being used in such, just stating the present situation) and they
would then also have to have flaw #2.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]