On Thu, Jul 08, 2004 at 08:32:34AM -0600, Dax Kelson wrote:
> Yes. This is a shockingly bad nomination. :)
> > It seems like an excellent place to start thinking of packages that
> > should be maintained, in fedora extras, by the people interested in
> > using them, not by the central developers at red hat.
> Extremely useful tool that is useful for debugging an innumerable amount
> of problems. It has saved literally hundreds of hours for me personally.
> Making it less accessible (the network may be down when you need it
> after all) would be a travesty.
>
> Parsing externally controlled input is what it does, so it isn't
> surprising the security problems that result.

Yea, approx 600klines (cat packet*.c | wc -l) of packet parsing code in C
will always have problems no matter how much someone audits it.

Assuming we had a bounds-checking gcc/other similar things in the distro
compiling it with one wouldn't be a bad idea either. It's one of those
packages where the performance hit vs. benefit would be worth it. Sure we
have exec-shield, prelink randomization etc., but it never hurts to have
extra levels of protection. Having a (strict) SELinux policy for it might
be a good thing btw. :-)

--
Pekka Pietikainen