Re: Debian libssl security (Cause???)

view
thread

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Ted Unangst <ted.unangst@...>

To: <ross.cameron@...>

Cc: Otto Moerbeek <otto@...>, <misc@...>

Subject: Re: Debian libssl security (Cause???)

Date: Friday, May 16, 2008 - 4:02 pm

On 5/16/08, Ross Cameron <ross.cameron@linuxpro.co.za> wrote:
quoted text> Mmmmmmm this isn't the first time I've heard of bogus reports from Valgrind.
>  How does one politely inform the Debian project to not trust it explicitly
>  and to human audit anything it flags?

I think people are placing too much blame on valgrind.  valgrind
doesn't tell you "Delete this line of code."  It says "You are using
uninitialized memory here."  The correct fix is to initialize the
memory, not delete the line of code.  It's not about trusting or not
trusting the tool; it's about responding correctly.

I've seen innocuous valgrind reports, but never wrong ones.  I also
saw a valgrind report ignored as innocuous because it didn't seem to
cause trouble, only to be the root cause of a problem that cost a
minimum of $50,000 to resolve later.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Debian libssl security (Cause???), Ross Cameron, (Fri May 16, 7:31 am)

Re: Debian libssl security (Cause???), Otto Moerbeek, (Fri May 16, 7:41 am)

Re: Debian libssl security (Cause???), Ross Cameron, (Fri May 16, 8:30 am)

Re: Debian libssl security (Cause???), Ted Unangst, (Fri May 16, 4:02 pm)

Re: Debian libssl security (Cause???), Otto Moerbeek, (Sat May 17, 2:36 am)

Re: Debian libssl security (Cause???), Tim Post, (Sat May 17, 3:12 am)

Re: Debian libssl security (Cause???), Travers Buda, (Fri May 16, 2:33 pm)

Re: Debian libssl security (Cause???), mcb, inc., (Fri May 16, 3:06 pm)

Navigation

Mail archive search

Popular discussions


linux-kernel:
Tomasz Kłoczko	Is it time for remove (crap) ALSA from kernel tree ?
Greg Kroah-Hartman	[PATCH 008/196] Chinese: add translation of volatile-considered-harmful.txt
David Miller	Slow DOWN, please!!!
Aubrey	O_DIRECT question
git:
Martin Langhoff	Re: pack operation is thrashing my server
Francis Moreau	emacs and git...
Mirko Stocker	Working with Git and CVS in a team.
Keith Packard	Re: parsecvs tool now creates git repositories
linux-netdev:
Chris Peterson	[PATCH] drivers/net: remove network drivers' last few uses of IRQF_SAMPLE_RANDOM
Natalie Protasevich	[BUG] New Kernel Bugs
Karen Xie	[RFC][PATCH 1/1] cxgb3i: cxgb3 iSCSI initiator
Jeff Garzik	[git patches] net driver updates for .27
openbsd-misc:
Jonathan Thornburg	svnd questions (encrypting all of a partition or disk)
Richard Stallman	Real men don't attack straw men
Daniel Ouellet	identifying sparse files and get ride of them trick available?
Brandon Lee	DELL PERC 5iR slow performance

Latest forum posts


high memory	3 hours ago	Linux kernel
semaphore access speed	6 hours ago	Applications and Utilities
the kernel how to power off the machine	7 hours ago	Linux kernel
Easter Eggs in windows XP	10 hours ago	Windows
Shared swap partition	11 hours ago	Linux general
Root password	11 hours ago	Linux general
Where/when DNOTIFY is used?	13 hours ago	Linux kernel
How to convert Linux Kernel built-in module into a loadable module	15 hours ago	Linux kernel
Linux 2.6.24 and I/O schedulers	16 hours ago	Linux kernel
USB Driver -- Interrupt Polling -- A Little Help Please	21 hours ago	Linux general

Show all forums...

Recent Tags

Linux bugs 2.6.27-rc8 Intel Linus Torvalds -rc quote -rc8 2.6.27

more tags

Colocation donated by:

Online users

Syndicate