This is the mail archive of the
mailing list for the GCC project.
Re: 3.2 PATCH: Ada parallel bootstrap fixes
- From: kenner at vlsi1 dot ultra dot nyu dot edu (Richard Kenner)
- To: fw at deneb dot enyo dot de
- Cc: gcc at gcc dot gnu dot org
- Date: Sat, 18 May 02 09:44:59 EDT
- Subject: Re: 3.2 PATCH: Ada parallel bootstrap fixes
So prove me wrong, please. So far, I've seen nothing in this
In normal usage, a "security problem" refers to a bug in a program that will
enable somebody to use that program to gain access to which they are not
entitled. This can only happen if the program in question has some
special access, such as being setUID to root or running as root as a daemon.
By this definition, a problem in a *library* cannot be a "security
problem" by itself. You have to have two conditions met for it to
become a security problem:
(1) A program using that library is run setUID root or as a daemon.
(2) The program has to be written in such a way that the potential
buffer overflow in the library routine results in being able to give
its higher access to an intruder.
Only a very small handful of programmers ever write programs that meet #1
above and Ada is rarely used for them (I'm not saying we want to discourage
Ada from being used in such, just stating the present situation) and they
would then also have to have flaw #2.