public inbox for libc-alpha@sourceware.org
From: Andreas Schwab <schwab@linux-m68k.org>
To: Siddhesh Poyarekar <siddhesh@gotplt.org>
Cc: libc-alpha@sourceware.org,
	"Adhemerval Zanella" <adhemerval.zanella@linaro.org>,
	"Carlos O'Donell" <carlos@redhat.com>,
	"Florian Weimer" <fweimer@redhat.com>,
	"Jakub Jelinek" <jakub@redhat.com>,
	"Martin Liška" <mliska@suse.cz>
Subject: Re: [RFC] _FORTIFY_SOURCE strictness
Date: Thu, 07 Apr 2022 12:16:10 +0200
Message-ID: <87ilrlryfp.fsf@igel.home>
In-Reply-To: <d0b28dea-0d61-49bf-aa75-a96fc71e3d07@gotplt.org> (Siddhesh Poyarekar's message of "Thu, 7 Apr 2022 11:56:18 +0530")

On Apr 07 2022, Siddhesh Poyarekar wrote:

> The downside of this approach is the possibility that some applications
> don't fortify beyond level 2, insisting that their usage is safe enough.

The problem with this argument is that what is safe enough now may be
unsafe later due to an unrelated change elsewhere, or an attacker
injecting some unforeseen data.  It is generally better to be safer in
the first place, because aborting deep inside the call chain is a risk
in itself, even if it prevented an acute undefined behaviour from doing
bad side effects.  By checking bounds early, better error recovery is
possible in general.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
"And now for something completely different."
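
The contrast drawn in the message above, as an added example that is not code from the thread or from glibc: the bound is checked at the API boundary, so the caller gets an error it can recover from, instead of relying on a fortified memcpy deep in the call chain to abort the process. All names (struct record, store_name, record_set_name, load_names) and the sample inputs are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct record { char name[16]; };

/* Deep in the call chain: trusts len.  When the compiler can see the
   destination's size, a build with _FORTIFY_SOURCE and optimization turns
   an oversized len here into a process abort, not a returned error. */
static void store_name(struct record *r, const char *src, size_t len)
{
    memcpy(r->name, src, len);
    r->name[len] = '\0';
}

/* API boundary: reject bad input while the caller can still recover. */
int record_set_name(struct record *r, const char *src, size_t len)
{
    if (r == NULL || src == NULL)
        return -EINVAL;
    if (len >= sizeof r->name)      /* leave room for the terminator */
        return -EMSGSIZE;
    store_name(r, src, len);
    return 0;
}

/* Caller-level recovery: skip the bad entry, keep processing the rest.
   Returns the number of names stored; *rejected counts the ones dropped. */
size_t load_names(struct record *out, const char *const *names, size_t n,
                  size_t *rejected)
{
    size_t ok = 0;
    *rejected = 0;
    for (size_t i = 0; i < n; i++) {
        if (record_set_name(&out[ok], names[i], strlen(names[i])) == 0)
            ok++;
        else
            (*rejected)++;
    }
    return ok;
}

int main(void)
{
    /* Constructed sample input: the second name does not fit. */
    const char *const names[] = { "alice", "a-name-far-too-long-for-the-field", "bob" };
    struct record out[3];
    size_t rejected;
    size_t ok = load_names(out, names, 3, &rejected);
    printf("stored=%zu rejected=%zu\n", ok, rejected);
    return 0;
}
```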
