From: Siddhesh Poyarekar <siddhesh@gotplt.org>
To: "Volker Weißmann" <volker.weissmann@gmx.de>, libc-alpha@sourceware.org
Subject: Re: [PATCH] Fix FORTIFY_SOURCE false positive
Date: Mon, 2 Oct 2023 14:00:20 -0400 [thread overview]
Message-ID: <74305391-aad9-de52-9ad7-07df57e727f6@gotplt.org> (raw)
In-Reply-To: <20231002155339.2571514-1-volker.weissmann@gmx.de>
On 2023-10-02 11:53, Volker Weißmann wrote:
> When -D_FORTIFY_SOURCE=2 was given during compilation,
> sprintf and similar functions will check if their
> first argument is in read-only memory and exit with
> *** %n in writable segment detected ***
> otherwise. To check if the memory is read-only, glibc
> reads form the file "/proc/self/maps". If opening this
> file fails due to too many open files (EMFILE), glibc
> will now ignore this error.
> ---
Ugh, that looks like an easy way to defeat format string fortification :/
The fix is fine I think, just a little nit below.
> sysdeps/unix/sysv/linux/readonly-area.c | 10 +++++++++-
> 1 file changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/sysdeps/unix/sysv/linux/readonly-area.c b/sysdeps/unix/sysv/linux/readonly-area.c
> index edc68873f6..629163461a 100644
> --- a/sysdeps/unix/sysv/linux/readonly-area.c
> +++ b/sysdeps/unix/sysv/linux/readonly-area.c
> @@ -42,7 +42,15 @@ __readonly_area (const char *ptr, size_t size)
> to the /proc filesystem if it is set[ug]id. There has
> been no willingness to change this in the kernel so
> far. */
> - || errno == EACCES)
> + || errno == EACCES
> + /* Example code to trigger EMFILE:
> + while(1) {
> + FILE *file = fopen("/dev/zero", "r");
> + assert(file != NULL);
> + }
> + If your libc was compiled with -D_FORTIFY_SOURCE=2, we run
Shouldn't this be "If the program was compiled with..." and not libc?
Also, maybe the example code is unnecessary and you could just mention
that the if the open file threshold is reached, this could become a
spurious failure.
> + into this if clause here. */
> + || errno == EMFILE)
> return 1;
> return -1;
> }
> --
> 2.42.0
>
Also, if you don't have a copyright assignment on file with the FSF,
could you add a Signed-off-by to certify your contribution?
Thanks,
Sid
next prev parent reply other threads:[~2023-10-02 18:00 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-02 15:53 Volker Weißmann
2023-10-02 18:00 ` Siddhesh Poyarekar [this message]
2023-10-02 18:12 ` Adhemerval Zanella Netto
2023-10-02 18:20 ` Siddhesh Poyarekar
2023-10-03 13:22 ` Volker Weißmann
2023-10-03 16:47 ` Siddhesh Poyarekar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=74305391-aad9-de52-9ad7-07df57e727f6@gotplt.org \
--to=siddhesh@gotplt.org \
--cc=libc-alpha@sourceware.org \
--cc=volker.weissmann@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).