From: Rich Felker
To: Andreas Schwab
Cc: Florian Weimer, libc-alpha@sourceware.org
Subject: Re: Implement C11 annex K?
Date: Thu, 14 Aug 2014 16:26:00 -0000
Message-ID: <20140814162628.GC12888@brightrain.aerifal.cx>
References: <53EBEACD.3070000@googlemail.com> <87k36cc559.fsf@windlord.stanford.edu>
 <20140814022501.GT12888@brightrain.aerifal.cx> <87r40jbq2p.fsf@windlord.stanford.edu>
 <20140814054610.GV12888@brightrain.aerifal.cx> <87ha1fbnrp.fsf@windlord.stanford.edu>
 <53EC87A4.1080805@redhat.com> <53EC8A1F.8080203@redhat.com>

On Thu, Aug 14, 2014 at 12:12:59PM +0200, Andreas Schwab wrote:
> Florian Weimer writes:
>
> > On 08/14/2014 12:02 PM, Andreas Schwab wrote:
> >> Florian Weimer writes:
> >>
> >>> Here's a security bug which resulted from the incorrect use of strlcpy:
> >>>
> >>>
> >>>
> >>
> >> This only proves that strlcpy isn't any better at preventing security
> >> bugs.
> >
> > It also shows that there is a real cost to not providing strlcpy in glibc.
>
> No, you got it backwards. Had samba used the standard string functions
> it would have been "protected" by fortification. Of course,
> fortification is just a workaround for sloppy programming anyway.

Except that we don't have any control over what Samba does, much less any control over what every single broken app out there does. Unless you want to go audit them all, file bug reports, and work through the fights with their maintainers to get them to fix things, the practical way to improve security is to provide a correct, fortify-compatible strlcpy/strlcat in glibc so that these bugs can be caught automatically. That's something the glibc team _can_ actually do.

Rich
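
Added example, not part of the message above and not glibc code: a sketch of what "fortify-compatible" means for strlcpy, where a wrapper macro passes the compiler-known destination size (`__builtin_object_size`, a GCC/Clang builtin) to a checked entry point that rejects a size argument larger than the real buffer. The names `ex_strlcpy`, `ex_strlcpy_chk`, `EX_STRLCPY` and `EX_OVERFLOW` are hypothetical, and returning a sentinel rather than aborting is an assumption made so the result can be inspected.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not glibc's implementation. */
#define EX_OVERFLOW ((size_t)-1)   /* glibc's fortification aborts instead */

/* strlcpy semantics: copy at most n-1 bytes, always NUL-terminate when
   n > 0, and return strlen(src) so the caller can detect truncation. */
static size_t ex_strlcpy(char *dst, const char *src, size_t n)
{
    size_t len = strlen(src);
    if (n > 0) {
        size_t copy = len < n - 1 ? len : n - 1;
        memcpy(dst, src, copy);
        dst[copy] = '\0';
    }
    return len;
}

/* Checked entry point. objsize is what the compiler knows about dst,
   or (size_t)-1 when the size is unknown. A claimed size n larger than
   the real object is the misuse the thread is about. */
static size_t ex_strlcpy_chk(char *dst, const char *src, size_t n,
                             size_t objsize)
{
    if (n > objsize)
        return EX_OVERFLOW;        /* refuse before writing anything */
    return ex_strlcpy(dst, src, n);
}

/* Wrapper macro: the compiler supplies the destination size. */
#define EX_STRLCPY(dst, src, n) \
    ex_strlcpy_chk((dst), (src), (n), __builtin_object_size((dst), 1))

int main(void)
{
    char name[8];
    /* Correct call: truncates to 7 bytes plus NUL, returns 11. */
    size_t r = EX_STRLCPY(name, "hello world", sizeof name);
    printf("%zu \"%s\"\n", r, name);
    /* Buggy call: claims 64 bytes for an 8-byte buffer. */
    r = EX_STRLCPY(name, "short", 64);
    printf("%s\n", r == EX_OVERFLOW ? "rejected" : "not caught");
    return 0;
}
```

When the compiler cannot determine the destination size, the builtin yields `(size_t)-1` and the check passes everything through, which is why this kind of checking catches only the cases the compiler can see.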