Bug#368297: About the libgcrypt and OpenLDAP issue
Werner Koch
wk at gnupg.org
Fri Apr 19 19:23:28 UTC 2013
On Fri, 19 Apr 2013 19:25, jcristau at debian.org said:
> If that "solution" is to have sudo itself call into libgcrypt, that
> doesn't sound like a solution at all. sudo doesn't know how libldap
> implements crypto, it doesn't care, and it shouldn't have to care IMO.

Uh-oh. A suid program that does not care what code it uses?

Folks, please read some basics about secure programming and then back to
the drawing board. I remember a time Debian was proud of its good
security policies :-(.

Shalom-Salam,

Werner
--
Thoughts are free. Exceptions are regulated by a federal law.