oss-sec mailing list archives

Re: Questionable CVE's reported against dnsmasq


From: Alexander Patrakov <patrakov () gmail com>
Date: Thu, 13 Nov 2025 17:31:04 +0800

On Thu, Nov 13, 2025 at 10:34 AM Peter Gutmann
<pgut001 () cs auckland ac nz> wrote:

> [0] For example modify the code/operating environment to introduce a security
>     vulnerability, I'll let you decide whether this qualifies as impractical,
>     unrealistic, stupid, or several of the above.

In a different context, it's practical, realistic, and sometimes a
smart choice. Many custom Android ROMs now have a switch in the
settings that ignores the window secure flag, and yet another one
which prevents them from knowing that a screencast is in progress.

From the app developers' viewpoint (I mean, apps that display
something sensitive), it is an intentionally introduced vulnerability
in the OS. From the user's viewpoint, it's a useful feature.

-- 
Alexander Patrakov

