From: Florian Weimer <fweimer@redhat.com>
To: KOSAKI Motohiro <kosaki.motohiro@gmail.com>
Cc: libc-alpha@sourceware.org, libc-ports@sourceware.org
Subject: Re: [PATCH 1/4] __fdelt_chk: Removed range check
Date: Fri, 12 Apr 2013 07:42:00 -0000 [thread overview]
Message-ID: <5167BADC.3090101@redhat.com> (raw)
In-Reply-To: <1365744803-19197-2-git-send-email-kosaki.motohiro@gmail.com>
On 04/12/2013 07:33 AM, KOSAKI Motohiro wrote:
> +strong_alias (__fdelt_nochk, __fdelt_chk)
> +strong_alias (__fdelt_nochk, __fdelt_warn)
This change (which disables checking for existing compiled binaries)
seems the wrong thing to do to me.
I tend to agree that it might make sense to make fd_set fortification
optional, but it should be enabled by default. Could you please change
your patch so that it performs the checking by default, and preserves
checking for applications which were compiled against pre-2.18 versions?
By the way, if you see crashes with Qt, we have a patch which replaces
select with poll (qt-4.8-poll.patch in Fedora). We tried to upstream
it, but no luck so far.
--
Florian Weimer / Red Hat Product Security Team
next prev parent reply other threads:[~2013-04-12 7:42 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-12 5:33 [PATCH v3 0/4] fix wrong program abort on __FD_ELT KOSAKI Motohiro
2013-04-12 5:34 ` [PATCH 1/4] __fdelt_chk: Removed range check KOSAKI Motohiro
2013-04-12 7:42 ` Florian Weimer [this message]
2013-04-12 20:28 ` KOSAKI Motohiro
2013-04-14 0:40 ` KOSAKI Motohiro
2013-04-12 5:34 ` [PATCH 3/4] tst-chk1: add fd_set dynamic allocation test KOSAKI Motohiro
2013-04-12 5:34 ` [PATCH 2/4] Reinstantiate fd range check if and only if defined _STRICT_FD_SIZE_CHECK=1 KOSAKI Motohiro
2013-04-12 5:34 ` [PATCH 4/4] __FDS_BITS: Added cast to __fd_mask* to avoid warning KOSAKI Motohiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5167BADC.3090101@redhat.com \
--to=fweimer@redhat.com \
--cc=kosaki.motohiro@gmail.com \
--cc=libc-alpha@sourceware.org \
--cc=libc-ports@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).