From: u-wsnj@aetey.se
Newsgroups: gmane.linux.lib.musl.general,gmane.linux.busybox
Subject: Re: Re: Busybox on musl is affected by CVE-2015-1817
Date: Thu, 2 Apr 2015 20:02:08 +0200
Message-ID: <20150402180208.GD4456@example.net>
In-Reply-To: <20150402153825.GX6817@brightrain.aerifal.cx>
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com
Cc: busybox@busybox.net

On Thu, Apr 02, 2015 at 11:38:25AM -0400, Rich Felker wrote:
> > Unfortunately I can not really appreciate its beauty which appears to hide
> > the complexity and/or move it to other parties (like the dynamic linker
> > or the software maintenance infrastructure). Yes it "looks simple and
> > efficient" but is it, really?
>
> It's not.

This was intended to be a rhetorical question but a clear statement surely
does not hurt.

> > Unfortunately even seasoned gurus easily create / fail to notice holes!
> > :(
>
> I'd much rather eliminate the opportunity for the hole from the start.

Exactly. Honestly this is what I meant.

Rune