Re: Reducing the attack surface caused by Berkeley DB...

On Jan 25, Lionel Debroux <lionel_debroux@xxxxxxxx> wrote:

> Several days ago, jmm from the security team suggested that I start a
> discussion on debian-devel about Berkeley DB, which has known security
> issues, because doing so may enable finding a consensus on how to move

Can you clarify the threat model?
E.g. is libdb attackable by user-supplied data from the program using it 
or do attacks require write access to the db files?


