This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Ignore LD_POINTER_GUARD for set-user-ID/set-group-ID binaries.

From: Mike Frysinger <vapier at gentoo dot org>
To: Joseph Myers <joseph at codesourcery dot com>
Cc: Hector Marco-Gisbert <hecmargi at upv dot es>, Florian Weimer <fweimer at redhat dot com>, Carlos O'Donell <carlos at redhat dot com>, GNU C Library <libc-alpha at sourceware dot org>, Siddhesh Poyarekar <siddhesh at redhat dot com>, Andreas Jaeger <aj at suse dot com>, Ismael Ripoll Ripoll <iripoll at upv dot es>
Date: Mon, 19 Oct 2015 14:07:39 -0400
Subject: Re: [PATCH] Ignore LD_POINTER_GUARD for set-user-ID/set-group-ID binaries.
Authentication-results: sourceware.org; auth=none
References: <1441471191-4683-1-git-send-email-hecmargi at upv dot es> <56162CD0 dot 4070902 at redhat dot com> <5618710F dot 6060406 at redhat dot com> <56210EF1 dot 9030801 at upv dot es> <56211681 dot 20200 at redhat dot com> <5624FE7E dot 9050402 at upv dot es> <alpine dot DEB dot 2 dot 10 dot 1510191646190 dot 23235 at digraph dot polyomino dot org dot uk>

On 19 Oct 2015 16:48, Joseph Myers wrote:
> On Mon, 19 Oct 2015, Hector Marco-Gisbert wrote:
> > 4.- The CVE can be assigned or not, it depends on many factors, we don't care
> > that much. But it is obvious that our contribution have been used to improve
> > the security of the Glibc, and then it must be properly credited.
> 
> Isn't the normal credit for a bug reported in public (whether or not a 
> security bug): the bug number is referenced in the ChangeLog and the 
> commit message, and anyone can follow that reference back to see who 
> reported the bug?  I would hope that databases of CVEs would also point 
> directly to the bug report in Bugzilla, not just the commit fixing the 
> bug.

yeah, the name in the ChangeLog is used for showing who made the change,
not who reported the issue.  if the older entries mentioned reporters,
then that was a mistake.  the commit message / bug is where details like
the reporter go.

https://www.gnu.org/prep/standards/html_node/Style-of-Change-Logs.html
-mike

Attachment: signature.asc
Description: Digital signature

References:
- Re: [PATCH] Ignore LD_POINTER_GUARD for set-user-ID/set-group-ID binaries.
  - From: Florian Weimer
- Re: [PATCH] Ignore LD_POINTER_GUARD for set-user-ID/set-group-ID binaries.
  - From: Carlos O'Donell
- Re: [PATCH] Ignore LD_POINTER_GUARD for set-user-ID/set-group-ID binaries.
  - From: Hector Marco-Gisbert
- Re: [PATCH] Ignore LD_POINTER_GUARD for set-user-ID/set-group-ID binaries.
  - From: Florian Weimer
- Re: [PATCH] Ignore LD_POINTER_GUARD for set-user-ID/set-group-ID binaries.
  - From: Hector Marco-Gisbert
- Re: [PATCH] Ignore LD_POINTER_GUARD for set-user-ID/set-group-ID binaries.
  - From: Joseph Myers

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]