Todd Cullum

icon company Red Hat icon location California, USA icon location Security Engineer at Red Hat Product Security

Results 4 comments of Todd Cullum

Insecure data serialization method by default with pickle on Cache

@x-warrior @amol- , I've not very familiar with beaker, so wanted to clarify: What is the risk & source of untrusted data here? From what I see (and I could...

Insecure data serialization method by default with pickle on Cache

@x-warrior yes, thank you. Note that this is now CVE-2013-7489: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7489 .

CVE report

So the open question here is - is this a flaw in the library or just in the consumers of the API? I would suspect that the library would need...

Recommended compiler and linker flags for GCC when building native library

> thanks, @myfirenze, > > Among the recommended flags in the link, did you have any specific reason you picked up these six (BIND_NOW, NX, PIC, PIE, RELRO, and SP)?...