
Re: nominate for removal: ethereal



On Thu, Jul 08, 2004 at 08:32:34AM -0600, Dax Kelson wrote:
> Yes. This is a shockingly bad nomination. :)
> > It seems like an excellent place to start thinking of packages that
> > should be maintained, in fedora extras, by the people interested in
> > using them, not by the central developers at red hat. 
> Extremely useful tool that is useful for debugging an innumerable amount
> of problems. It has saved literally hundreds of hours for me personally.
> Making it less accessible (the network may be down when you need it
> after all) would be a travesty.
> 
> Parsing externally controlled input is what it does, so it isn't
> surprising the security problems that result.
Yea, approx 600klines (cat packet*.c | wc -l) of packet parsing code in C
will always have problems no matter how much someone audits it.

Assuming we had a bounds-checking gcc/other similar things in the distro
compiling it with one wouldn't be a bad idea either. It's one of those
packages where the performance hit vs. benefit would be worth it. 
Sure we have exec-shield, prelink randomization etc., but it never
hurts to have extra levels of protection.

Having a (strict) SELinux policy for it might be a good thing btw. :-)

-- 
Pekka Pietikainen


