From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 17600 invoked by alias); 12 Apr 2013 07:42:25 -0000 Mailing-List: contact libc-ports-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: libc-ports-owner@sourceware.org Received: (qmail 17581 invoked by uid 89); 12 Apr 2013 07:42:25 -0000 X-Spam-SWARE-Status: No, score=-9.1 required=5.0 tests=AWL,BAYES_00,KHOP_RCVD_UNTRUST,KHOP_THREADED,RCVD_IN_DNSWL_HI,RCVD_IN_HOSTKARMA_W,RP_MATCHES_RCVD,SPF_HELO_PASS autolearn=ham version=3.3.1 X-Spam-User: qpsmtpd, 2 recipients Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.84/v0.84-167-ge50287c) with ESMTP; Fri, 12 Apr 2013 07:42:24 +0000 Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id r3C7gM9M028624 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 12 Apr 2013 03:42:22 -0400 Received: from oldenburg.str.redhat.com (oldenburg.str.redhat.com [10.33.200.60]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id r3C7gKUL020625 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Fri, 12 Apr 2013 03:42:22 -0400 Message-ID: <5167BADC.3090101@redhat.com> Date: Fri, 12 Apr 2013 07:42:00 -0000 From: Florian Weimer User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130402 Thunderbird/17.0.5 MIME-Version: 1.0 To: KOSAKI Motohiro CC: libc-alpha@sourceware.org, libc-ports@sourceware.org Subject: Re: [PATCH 1/4] __fdelt_chk: Removed range check References: <1365744803-19197-1-git-send-email-kosaki.motohiro@gmail.com> <1365744803-19197-2-git-send-email-kosaki.motohiro@gmail.com> In-Reply-To: <1365744803-19197-2-git-send-email-kosaki.motohiro@gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-SW-Source: 2013-04/txt/msg00048.txt.bz2 On 04/12/2013 07:33 AM, KOSAKI Motohiro wrote: > +strong_alias (__fdelt_nochk, __fdelt_chk) > +strong_alias (__fdelt_nochk, __fdelt_warn) This change (which disables checking for existing compiled binaries) seems the wrong thing to do to me. I tend to agree that it might make sense to make fd_set fortification optional, but it should be enabled by default. Could you please change your patch so that it performs the checking by default, and preserves checking for applications which were compiled against pre-2.18 versions? By the way, if you see crashes with Qt, we have a patch which replaces select with poll (qt-4.8-poll.patch in Fedora). We tried to upstream it, but no luck so far. -- Florian Weimer / Red Hat Product Security Team