Bug#368297: About the libgcrypt and OpenLDAP issue

Carlos Alberto Lopez Perez clopez at igalia.com
Fri Apr 19 23:35:54 UTC 2013


On 20/04/13 00:08, Werner Koch wrote:
>> At least, I think that you should consider adding a new flag to
>> libgcrypt that allows the application/library developer to completely
>> disable the dropping privileges feature. Perhaps something like:
> That was my suggestion.  Shall we go for that?
> 

I think it would be a good idea to add this feature to libgcrypt.

However, I don't think that it would help us with this specific Debian
bug because it would be implemented as an optional feature.

And the suid application (sudo/su/passwd/...) can't know anything about
libgcrypt, so it can't set this flag or any other libgcrypt flag.

So the only option would be to set the flag either in gnutls or libldap.
And this is more or less what the previously proposed patches are doing by
disabling secmem.

