Date: Wed, 4 Oct 2023 13:45:25 -0400
Subject: Re: [PATCH v3] Fix FORTIFY_SOURCE false positive
To: Florian Weimer, Volker Weißmann
Cc: libc-alpha@sourceware.org, Siddhesh Poyarekar
References: <20231003171844.9586-1-volker.weissmann@gmx.de> <87bkdeb88r.fsf@oldenburg.str.redhat.com>
From: Siddhesh Poyarekar
In-Reply-To: <87bkdeb88r.fsf@oldenburg.str.redhat.com>

On 2023-10-04 13:36, Florian Weimer wrote:
> This whole thing is rather questionable.
>
> First of all, the compiler should detect the fact that a format argument
> to printf is a string literal and record that in the flags argument
> (which already exists for __printf_chk). Then we wouldn't have to do
> any %n security checks for most uses of %n. (The flags argument cannot
> be spoofed just by altering the string.)
>
> Siddhesh, is that something you could be working on?

Hmm, I thought the compiler already did this. I can take a look.

> Even without that, if we are willing to trust the ld.so data structures,
> we can do the permission check in userspace for strings that come from
> .rodata. We can find the ELF object that contains them and check if the
> loadable segment has the right permissions (or we are in the RELRO
> area).
>
> After these changes, I think we can fail hard on /proc-related errors
> because they are very unlikely to happen.

We'd have to figure out a way for static binaries too.

Sid
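
The userspace permission check discussed in this thread, as an added sketch that is not part of the original message and is not glibc code: it decides whether a format string sits in a non-writable loadable segment or in the RELRO area without reading /proc. The helper name `in_readonly_segment` and the sample `writable_fmt` are hypothetical; the sketch covers only the main executable and takes its program headers from the auxiliary vector rather than from ld.so's data structures.

```c
#include <elf.h>
#include <link.h>      /* ElfW() */
#include <stddef.h>
#include <stdint.h>
#include <sys/auxv.h>  /* getauxval() */

/* Constructed sample: a format string that lives in writable .data. */
char writable_fmt[] = "count=%d%n";

/* Hypothetical helper.  Returns 1 if [p, p+len) lies in a main-executable
   segment mapped without write permission or in its RELRO area, 0 if it
   does not, and -1 if the program headers cannot be used.  */
int in_readonly_segment(const void *p, size_t len)
{
    const ElfW(Phdr) *ph = (const ElfW(Phdr) *) getauxval(AT_PHDR);
    size_t n = getauxval(AT_PHNUM);
    uintptr_t page = getauxval(AT_PAGESZ);
    uintptr_t lo = (uintptr_t) p, hi = lo + len, bias = 0;
    int result = 0;

    if (ph == NULL || n == 0 || page == 0 || hi < lo)
        return -1;

    /* PT_PHDR holds the link-time address of the header table; its distance
       from the run-time address is the load bias.  Assumption: a binary
       without PT_PHDR is loaded at its link-time address (bias 0).  */
    for (size_t i = 0; i < n; i++)
        if (ph[i].p_type == PT_PHDR)
            bias = (uintptr_t) ph - ph[i].p_vaddr;

    for (size_t i = 0; i < n; i++) {
        uintptr_t start = bias + ph[i].p_vaddr;
        uintptr_t end = start + ph[i].p_memsz;

        if (ph[i].p_type == PT_GNU_RELRO)
            end &= ~(page - 1);  /* only whole pages get write-protected */
        if (lo < start || hi > end)
            continue;
        if (ph[i].p_type == PT_GNU_RELRO)
            return 1;            /* read-only once relocation has finished */
        if (ph[i].p_type == PT_LOAD)
            result = !(ph[i].p_flags & PF_W);
    }
    return result;
}
```

A range that falls outside every segment of the executable (stack, heap, another shared object) yields 0, so a caller that treats anything other than 1 as untrusted fails closed.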