Debian patches away security – again


The Debian devs broke hardened PHP on their platform while trying to fix a compile-time issue.

“The Debian maintainers tried to fix the problem by replacing the aligned suhosin_config variable with a pointer. They then allocate a single memory mapped page and set it to read only. While this fixes the possible crash it shows that the Debian PHP maintainers did not fully understand the idea behind that code.”

http://www.suspekt.org/2010/02/27/debian-breaks-suhosin-security-feature/

I wonder where Debian devs get their eternal righteousness. I bet soon we’ll yet again see statements about how the original author confused the package maintainer, or some other reason why Debian isn’t at fault, doesn’t have any issues and knows best[tm].
