From: David Laight <David.Laight@ACULAB.COM>
To: 'Miguel Ojeda' <miguel.ojeda.sandonis@gmail.com>,
Adrian Bunk <bunk@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Tom Stellard <tstellar@redhat.com>,
Nick Desaulniers <ndesaulniers@google.com>,
"Masahiro Yamada" <masahiroy@kernel.org>,
Nathan Chancellor <nathan@kernel.org>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
clang-built-linux <clang-built-linux@googlegroups.com>,
Fangrui Song <maskray@google.com>,
Serge Guelton <sguelton@redhat.com>,
Sylvestre Ledru <sylvestre@mozilla.com>
Subject: RE: Very slow clang kernel config ..
Date: Wed, 5 May 2021 11:05:58 +0000 [thread overview]
Message-ID: <5256ed6b6f7d423daeb36fcbfc837fbc@AcuMS.aculab.com> (raw)
In-Reply-To: <CANiq72=aK-JJhpnZdeeGBtADrnXhyEp1Whw5+5rK6a4u85PhxA@mail.gmail.com>
From: Miguel Ojeda
> Sent: 04 May 2021 22:33
...
> > What happens if you use a program provided by your distribution that is
> > written in Rust and handles untrusted input in a way that it might be
> > vulnerable to exploits based on one of these CVEs?
> >
> > The program has a known vulnerability that will likely stay unfixed.
>
> Why? I fail to see what is the issue rebuilding (or relinking) all
> packages except distributions lacking enough compute resources.
The problem isn't the packages that come with the distribution.
The problem is 3rd party programs supplied as binaries.
They have 2 big requirements:
1) The same binary will run on all distributions (newer than some cutoff).
2) Any serious bug fixes in system libraries get picked up when the
distribution updates the library.
There is also the possibility that the implementation of some
function differs between distributions.
So you absolutely need to use the version from the installed system
not whatever was in some static library on the actual build machine.
Both of these need stable ABI and shared libraries.
Remember, as far as userspace is concerned, foo.h is the definition
for 'foo' and foo.so is the current implementation.
(yes, I know a little bit of info is taken from foo.so on the build
system - but that ought to be absolutely minimal.)
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
next prev parent reply other threads:[~2021-05-05 11:06 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-29 21:53 Very slow clang kernel config Linus Torvalds
2021-04-30 0:19 ` Nick Desaulniers
2021-04-30 2:22 ` Nick Desaulniers
2021-05-01 0:19 ` Nick Desaulniers
2021-05-01 0:23 ` Nick Desaulniers
2021-05-01 0:25 ` Nick Desaulniers
2021-05-01 0:40 ` Nick Desaulniers
2021-05-01 1:22 ` Linus Torvalds
2021-05-01 1:48 ` Nick Desaulniers
2021-05-01 2:16 ` Fangrui Song
2021-05-01 3:32 ` Tom Stellard
2021-05-01 16:32 ` Linus Torvalds
2021-05-01 19:57 ` Serge Guelton
2021-05-01 22:39 ` Linus Torvalds
2021-05-01 23:55 ` Fangrui Song
2021-05-01 21:58 ` David Laight
2021-05-02 9:31 ` Adrian Bunk
2021-05-02 11:35 ` David Laight
2021-05-02 16:12 ` Linus Torvalds
2021-05-02 16:45 ` Adrian Bunk
2021-05-02 16:49 ` Linus Torvalds
2021-05-02 17:55 ` Adrian Bunk
2021-05-02 17:59 ` Linus Torvalds
2021-05-02 21:48 ` Adrian Bunk
2021-05-04 22:02 ` Miguel Ojeda
2021-05-05 0:58 ` Theodore Ts'o
2021-05-05 17:21 ` Miguel Ojeda
2021-05-04 21:32 ` Miguel Ojeda
2021-05-05 11:05 ` David Laight [this message]
2021-05-05 13:53 ` Miguel Ojeda
2021-05-05 14:13 ` David Laight
2021-05-05 16:06 ` Miguel Ojeda
2021-05-05 16:25 ` David Laight
2021-05-05 17:55 ` Miguel Ojeda
2021-05-03 1:03 ` Maciej W. Rozycki
2021-05-03 14:38 ` Theodore Ts'o
2021-05-03 14:54 ` Theodore Ts'o
2021-05-03 17:14 ` Maciej W. Rozycki
2021-05-03 16:09 ` David Laight
2021-05-04 23:04 ` Greg Stark
2021-05-05 0:55 ` Theodore Ts'o
2021-05-01 23:37 ` Mike Hommey
2021-05-02 5:19 ` Dan Aloni
2021-05-03 16:48 ` Tom Stellard
2021-05-03 19:00 ` Fangrui Song
2021-04-30 0:52 ` Nathan Chancellor
2021-04-30 2:21 ` Nick Desaulniers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5256ed6b6f7d423daeb36fcbfc837fbc@AcuMS.aculab.com \
--to=david.laight@aculab.com \
--cc=bunk@kernel.org \
--cc=clang-built-linux@googlegroups.com \
--cc=linux-kernel@vger.kernel.org \
--cc=masahiroy@kernel.org \
--cc=maskray@google.com \
--cc=miguel.ojeda.sandonis@gmail.com \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=sguelton@redhat.com \
--cc=sylvestre@mozilla.com \
--cc=torvalds@linux-foundation.org \
--cc=tstellar@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.