[PATCH] Allow %n in -D_FORTIFY_SOURCE=2 linux programs if /proc is not mounted

[PATCH] Allow %n in -D_FORTIFY_SOURCE=2 linux programs if /proc is not mounted

[Jakub Jelinek]

Hi!

If /proc is not mounted, it is IMHO better to be less protected than
fail on legitimate %n uses.

2004-10-20  Jakub Jelinek  <jakub@redhat.com>

	* sysdeps/unix/sysv/linux/readonly-area.c (__readonly_area): If /proc
	is not mounted, return 1.

--- libc/sysdeps/unix/sysv/linux/readonly-area.c.jj	2004-10-18 06:17:11.000000000 +0200
+++ libc/sysdeps/unix/sysv/linux/readonly-area.c	2004-10-20 12:03:41.082904624 +0200
@@ -33,7 +33,10 @@ __readonly_area (const char *ptr, size_t
 
   FILE *fp = fopen ("/proc/self/maps", "rc");
   if (fp == NULL)
-    return -1;
+    /* We don't know.  Returning 1 here means that programs using %n
+       and -D_FORTIFY_SOURCE=2 will work even when /proc is not mounted,
+       but will allow %n even in writable areas.  */
+    return 1;
 
   /* We need no locking.  */
   __fsetlocking (fp, FSETLOCKING_BYCALLER);

	Jakub

Re: [PATCH] Allow %n in -D_FORTIFY_SOURCE=2 linux programs if /proc is not mounted

[Ulrich Drepper]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jakub Jelinek wrote:
> If /proc is not mounted, it is IMHO better to be less protected than
> fail on legitimate %n uses.

I'm not sure this is such a good idea.  This can potentially affect only
a handful of programs, those running before /proc is mounted and those
used fater it is unmounted.  If insight into t hose programs is hard
enough we should use your patch.

I worry about an exploit where a process running as root first run
umount for /proc to disable this and maybe other checks.

- --
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFBdjw52ijCOnn/RHQRAijkAJ4jexDj8zWdoVHU3d5lzibKB9TtTwCeNhRu
WvfPM+zC0fIySlUIOWYMpss=
=Opea
-----END PGP SIGNATURE-----