oss-sec mailing list archives

Re: Problems in automatic crash analysis frameworks


From: Tavis Ormandy <taviso () google com>
Date: Tue, 5 May 2015 12:01:50 -0700

On Tue, May 5, 2015 at 5:17 AM, Florian Weimer <fweimer () redhat com> wrote:
> On 04/23/2015 09:10 PM, Florian Weimer wrote:
>> On 04/17/2015 09:16 PM, Florian Weimer wrote:
>>> A quick update on the abrt situation.
>>
>> Another update.  We now have a public tracking bug listing the issues:
>>
>>   <https://bugzilla.redhat.com/show_bug.cgi?id=1214172>
>
> There is a public build (against EPEL7) of the consolidated fixes,
> available as a Copr repository:
>
>   <http://copr.fedoraproject.org/coprs/jfilak/abrt-hardened/>
>
> This also includes the consolidated fixes.
>
> At this stage, we'd appreciate additional comments/reviews.

Thanks Florian, this looks great. I'm just looking at the new ccpp. Is
it intentional that os-release and so on are still copied from the
process root? I realize now the dump directory is owned by root, so
there's no direct way to read it, but it seems like asking for trouble
to have a copy of /etc/shadow in there or something.

Tavis.

