Re: [announce] procps 2.0.13 with NPTL enhancements

From: Paolo Ciarrocchi (ciarrocchi@linuxmail.org)
Date: Fri May 30 2003 - 03:15:00 EST

Next message: Russell King: "Re: IRQ_NONE definition in NCR5380 driver..."
Previous message: Stephan von Krawczynski: "Re: Undo aic7xxx changes"
In reply to: Adrian Bunk: "Re: [announce] procps 2.0.13 with NPTL enhancements"
Next in thread: cosmos: "Re: [announce] procps 2.0.13 with NPTL enhancements"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>> Well, since I read Albert Cahalan's comment in
>>> Debian bug #172735 [1] I understand the people
>>> maintaining a different branch...
>>
>> Exactly.
>>
>> That bug is fixed in the official tree, fyi.
>> A segfault, as you said, is always a bug.
>> An error message is displayed.
>
>You asked for it...
>
>Nice cheapshot there. So, if I remove some
>critical kernel interfaces from your system,
>nothing should crash? How about I take out
>a few choice system calls or a chunk of libc?

It is not the same thing, I think that you
agree on that, too.

>(note: the "bug" is not exploitable)
>
>Face it. For nearly a decade, /proc has been
>a critical kernel interface. This isn't 1991.
>(embedded systems excepted; they don't use procps)
>
>That said, I may do something about the issue
>simply to please users with messed-up systems.

In my opinion, you have to do something about
the issue, because it is a bug, it is not
a missing feature. But this is just my opinion,
you are the maintainer, you take decisions.

>> Once that bug is fixed, he will probably find
>> that the inability to read files in /proc also
>> causes a crash. Such is the problem with this
>> duplicated effort. It sucks.
>
>I could tell you about some inputs that
>make your programs crash... Nah. Find them
>yourself. I wait for your screams. >:-)

'Find them yourself', nice answer ;-(
It is a pity read this kind of comment,
I still don't understand the reasons
of this duplications of code and the reason
of this kind of silly sarcastic remarks.

>You finally fixed a SEGV that I fixed well
>over a year ago. Congradulations. You have
>others to fix, and a minor (?) security
>issue as well. Have fun.

Again, you know there is a problem but you
don't say anything about it.
You do not want to fix it, don't you ?
This is fine with me (even if it is hard to
understand the reason), but you are just
/wrong/ when you know about a problem and
don't provide information about it.
Again, this is just my opinion...

>Oooh... I think you have an exploitable
>buffer overflow as well. Anybody running
>his procps as an i386 binary on IA-64?

Ditto.

Ciao,
Paolo

--
______________________________________________
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr

Powered by Outblaze
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Russell King: "Re: IRQ_NONE definition in NCR5380 driver..."
Previous message: Stephan von Krawczynski: "Re: Undo aic7xxx changes"
In reply to: Adrian Bunk: "Re: [announce] procps 2.0.13 with NPTL enhancements"
Next in thread: cosmos: "Re: [announce] procps 2.0.13 with NPTL enhancements"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]