This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: 3.2 PATCH: Ada parallel bootstrap fixes


    There are also different, less grave security problems, for example
    denial of service vulnerabilities or information leaks.  Unauthorized
    privilege escalation is just one security problem, but there are
    others.

Yes, but my point was that what all of these have in common is providing
a way for a user to have access they should not rightly have.  In other
words, privilege escalation.  The issue is getting the wrongly-obtained
privilege, not what one does wirh it.

    Remember that similar problems have been fixed in C libraries years
    ago.  Should we really wait until Ada programms are bitten by the same
    problem?

I haven't heard anybody suggest it's not a legitimate bug to be fixed.
The objection is that the implicit escalation of priority that results
from labelling it as a "security bug" is not justified.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]