Comment by fhub
13 days ago
Even with automated tests you'd need to think of this exploit, right? Perhaps fuzzing would have got it. The mailing list says they proved it successful on
- OpenIndiana
- FreeBSD
- Debian GNU/Linux
So not complete YOLO.
See https://lists.gnu.org/archive/html/bug-inetutils/2015-03/msg...
FWIW, a well known LLM agent, when I asked for a review of the patch, did suggest it was dodgy but didn't pick up the severity of how dodgy it was.
> a well known LLM agent
Which one?
Not GP, but my local Ministral 3 14B and GPT-OSS 20B didn't catch anything unless I gave some hints.
He says 'well known' so I assume Claude or GPT, I just don't get why he's being coy.