From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <74305391-aad9-de52-9ad7-07df57e727f6@gotplt.org>
Date: Mon, 2 Oct 2023 14:00:20 -0400
To: Volker Weißmann, libc-alpha@sourceware.org
References: <20231002155339.2571514-1-volker.weissmann@gmx.de>
From: Siddhesh Poyarekar
Subject: Re: [PATCH] Fix FORTIFY_SOURCE false positive
In-Reply-To: <20231002155339.2571514-1-volker.weissmann@gmx.de>

On 2023-10-02 11:53, Volker Weißmann wrote:
> When -D_FORTIFY_SOURCE=2 was given during compilation,
> sprintf and similar functions will check if their
> first argument is in read-only memory and exit with
> *** %n in writable segment detected ***
> otherwise. To check if the memory is read-only, glibc
> reads from the file "/proc/self/maps". If opening this
> file fails due to too many open files (EMFILE), glibc
> will now ignore this error.
> ---

Ugh, that looks like an easy way to defeat format string fortification :/

The fix is fine I think, just a little nit below.

> sysdeps/unix/sysv/linux/readonly-area.c | 10 +++++++++-
> 1 file changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/sysdeps/unix/sysv/linux/readonly-area.c b/sysdeps/unix/sysv/linux/readonly-area.c
> index edc68873f6..629163461a 100644
> --- a/sysdeps/unix/sysv/linux/readonly-area.c
> +++ b/sysdeps/unix/sysv/linux/readonly-area.c
> @@ -42,7 +42,15 @@ __readonly_area (const char *ptr, size_t size) > to the /proc filesystem if it is set[ug]id. There has > been no willingness to change this in the kernel so > far. */ > - || errno == EACCES) > + || errno == EACCES > + /* Example code to trigger EMFILE: > + while(1) { > + FILE *file = fopen("/dev/zero", "r"); > + assert(file != NULL); > + } > + If your libc was compiled with -D_FORTIFY_SOURCE=2, we run Shouldn't this be "If the program was compiled with..." and not libc? Also, maybe the example code is unnecessary and you could just mention that the if the open file threshold is reached, this could become a spurious failure. > + into this if clause here. */ > + || errno == EMFILE) > return 1; > return -1; > } > -- > 2.42.0 > Also, if you don't have a copyright assignment on file with the FSF, could you add a Signed-off-by to certify your contribution? Thanks, Sid
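
Review bot: The added "|| errno == EMFILE" sits in the condition that ends in "return 1", so when the process is out of descriptors the read-only check is skipped rather than passed, and the new comment does not say so. Replace the fopen loop in the comment with one sentence stating that the area is assumed read-only when the open-file limit is reached and why that trade-off is accepted, and word it as "the program was compiled with" rather than "your libc", as the reply points out. It is also worth stating in the comment whether ENFILE (system-wide file table full) is deliberately left on the "return -1" path, since it fails the same open for the same kind of reason.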
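
The check the quoted commit message describes, as an added sketch that is not glibc's code and not part of this thread: it keeps "could not check" (-1) separate from "read-only" (1) so the EMFILE policy the patch changes is an explicit decision. The names range_is_readonly, percent_n_allowed, sample_ro and sample_rw are hypothetical.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Added sketch, not glibc's __readonly_area; names are hypothetical.
   Returns 1 if [ptr, ptr + size) lies entirely in mapped, non-writable
   memory, 0 if any byte is writable or unmapped, and -1 with errno set
   if /proc/self/maps could not be opened (result unknown).  */
int
range_is_readonly (const void *ptr, size_t size)
{
  uintptr_t from = (uintptr_t) ptr, to = from + size;
  char line[8192];              /* longer than any maps line with a path */
  FILE *fp = fopen ("/proc/self/maps", "r");
  if (fp == NULL)
    return -1;                  /* e.g. EACCES or EMFILE */

  /* Entries are sorted by address, so one forward pass is enough.  */
  while (from < to && fgets (line, sizeof line, fp) != NULL)
    {
      uintptr_t start, end;
      char perms[5];
      if (sscanf (line, "%" SCNxPTR "-%" SCNxPTR " %4s",
                  &start, &end, perms) != 3 || end <= from)
        continue;               /* unparsable, or mapping below the range */
      if (start > from || perms[1] == 'w')
        break;                  /* hole in the range, or writable mapping */
      from = end;               /* covered so far and not writable */
    }
  fclose (fp);
  return from >= to;
}

/* The policy choice under review: a failed lookup is either treated as
   "read-only" (fail open, %n allowed) or as a violation (fail closed).
   EACCES and EMFILE are the two errno values visible in the patch.  */
int
percent_n_allowed (int lookup, int err, int tolerate_emfile)
{
  if (lookup >= 0)
    return lookup;
  return err == EACCES || (tolerate_emfile && err == EMFILE);
}

/* Constructed sample objects: one in .rodata, one in writable .bss.  */
const char sample_ro[] = "%d items\n";
char sample_rw[16];
```

With tolerate_emfile set, a process at its descriptor limit gets the same answer for a writable format string as for a constant one, which is the concern raised at the top of the reply.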