From: "maxkamper at outlook dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug stdio/25812] New: Libio vtable protection is sometimes only partially enforced
Date: Fri, 10 Apr 2020 17:22:27 +0000
Message-ID: <bug-25812-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=25812

            Bug ID: 25812
           Summary: Libio vtable protection is sometimes only partially enforced
           Product: glibc
           Version: 2.31
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: stdio
          Assignee: unassigned at sourceware dot org
          Reporter: maxkamper at outlook dot com
  Target Milestone: ---

Some versions of GLIBC bundled with popular distros still place their libio vtables in a writable segment. E.g. Ubuntu 1904 (which uses GLIBC 2.29) exhibits this behaviour, whilst the earlier Ubuntu 1804 (which uses GLIBC 2.27) does not. This could be a choice on behalf of the distro maintainers but it seems unlikely.

Vtable pointers are still checked before dereferencing but I feel this is undermined somewhat by the fact that the vtables themselves are mapped writable.

Perhaps the issue is in the Makerules file, around line 549, which is commented "If the linker is good enough, we can let it use its default linker script." The issue seems to manifest depending on the preceding ifeq statement's result. I'm not well versed enough in the workings of linkers to comment as to why this might be, but I've experienced the same writable vtable issue whilst building GLIBC using more recent versions of GCC.

--
You are receiving this mail because:
You are on the CC list for the bug.
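One way to verify the condition described in the report on a given libc build, as an added example that is not part of the original message or of glibc: it parses an ELF64 image and reports whether the vtable section sits inside a PT_GNU_RELRO range or only in a writable PT_LOAD. It assumes the section name `__libc_IO_vtables` (not stated in the message; it is the name glibc of this era gives the section) and a little-endian ELF64 file; `build_sample` produces a constructed, header-only image with made-up addresses.

```python
import struct

PT_LOAD, PT_GNU_RELRO, PF_W = 1, 0x6474E552, 2
PHDR, SHDR = "<IIQQQQQQ", "<IIQQQQIIQQ"   # ELF64 little-endian layouts

def vtable_section_status(elf, name=b"__libc_IO_vtables"):
    """Classify a section as 'relro', 'writable', 'read-only' or 'absent'."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("expected a little-endian ELF64 image")
    phoff, shoff = struct.unpack_from("<QQ", elf, 0x20)
    phentsize, phnum, shentsize, shnum, shstrndx = struct.unpack_from("<5H", elf, 0x36)
    shdr = lambda i: struct.unpack_from(SHDR, elf, shoff + i * shentsize)
    names = shdr(shstrndx)[4]                  # file offset of .shstrtab
    span = None
    for i in range(shnum):
        sh = shdr(i)
        start = names + sh[0]
        if elf[start:elf.index(b"\0", start)] == name:
            span = (sh[3], sh[3] + sh[5])      # [sh_addr, sh_addr + sh_size)
    if span is None:
        return "absent"
    status = "read-only"
    for i in range(phnum):
        p_type, flags, _, vaddr, _, _, memsz, _ = struct.unpack_from(
            PHDR, elf, phoff + i * phentsize)
        if not (vaddr <= span[0] and span[1] <= vaddr + memsz):
            continue                           # segment does not cover the whole section
        if p_type == PT_GNU_RELRO:
            return "relro"                     # remapped read-only after relocation
        if p_type == PT_LOAD and flags & PF_W:
            status = "writable"
    return status

def build_sample(relro):
    """Constructed header-only ELF64 image: one RW PT_LOAD, optional PT_GNU_RELRO."""
    strtab = b"\0__libc_IO_vtables\0.shstrtab\0"
    ph = struct.pack(PHDR, PT_LOAD, 6, 0, 0x1000, 0x1000, 0x2000, 0x2000, 0x1000)
    if relro:
        ph += struct.pack(PHDR, PT_GNU_RELRO, 4, 0, 0x1000, 0x1000, 0x1000, 0x1000, 1)
    sh = struct.pack(SHDR, *[0] * 10)                                  # null section
    sh += struct.pack(SHDR, 1, 1, 3, 0x1200, 0, 0xD68, 0, 0, 32, 0)    # vtables, made-up size
    sh += struct.pack(SHDR, 19, 3, 0, 0, 64 + len(ph), len(strtab), 0, 0, 1, 0)  # .shstrtab
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 64 + len(ph) + len(strtab), 0,
        64, 56, len(ph) // 56, 64, 3, 2)
    return ehdr + ph + strtab + sh
```

To check an installed library, pass the file's bytes, e.g. `vtable_section_status(open(path, "rb").read())` with `path` pointing at the libc under test; a result of `writable` corresponds to the situation the report describes.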
Thread overview: 7+ messages
2020-04-10 17:22 maxkamper at outlook dot com [this message]
2020-04-15  7:09 ` [Bug stdio/25812] " luciham20 at gmail dot com
2020-04-15  7:11 ` luciham20 at gmail dot com
2021-09-30 13:57 ` fweimer at redhat dot com
2022-04-11  9:17 ` fweimer at redhat dot com
2022-04-12 11:27 ` fweimer at redhat dot com
2022-04-22 10:31 ` fweimer at redhat dot com