From: "Carlos O'Donell"
To: KOSAKI Motohiro
CC: libc-alpha, "libc-ports@sourceware.org"
Subject: Re: [PATCH 1/5] __fdelt_chk: Removed range check
Date: Wed, 01 May 2013 14:45:00 -0000
Message-ID: <51812A69.6000004@redhat.com>
References: <1365900451-19026-1-git-send-email-kosaki.motohiro@gmail.com> <1365900451-19026-2-git-send-email-kosaki.motohiro@gmail.com> <51807D13.9090706@redhat.com>
X-SW-Source: 2013-05/txt/msg00013.txt.bz2

On 05/01/2013 02:40 AM, KOSAKI Motohiro wrote:
>>> long int
>>> -__fdelt_chk (long int d)
>>> +__fdelt_nochk (long int d)
>>>  {
>>> -  if (d < 0 || d >= FD_SETSIZE)
>>> -    __chk_fail ();
>>> -
>>>    return d / __NFDBITS;
>>>  }
>>> -strong_alias (__fdelt_chk, __fdelt_warn)
>>> +strong_alias (__fdelt_nochk, __fdelt_chk)
>>> +strong_alias (__fdelt_nochk, __fdelt_warn)
>>
>> Doesn't this mean that you will disable the runtime check
>> for FD_SETSIZE for all existing binaries?
>
> Right.
>
>> That means that we would have to recompile all of the
>> applications again in order to get checking again using
>> the new symbols proposed in PATCH #2?
>
> Right. Because, unfortunately, __fdelt_chk() doesn't have
> a buffer size argument, so we can't implement buffer overflow
> checks on top of this interface.
>
> Then, I made a new __fdelt_buffer_chk() function in patch #2.
>
> The remaining problem is, how should we treat old interfaces? From
> the point of view of Ubuntu and OpenSUSE, it should be disabled, at least
> by default. Otherwise all applications need to be recompiled for disabling.
>
>
>> This is not sufficiently conservative. We want it the other
>> way around. A simple recompile of ruby should result in
>> a ruby that no longer needs to disable _FORTIFY_SOURCE
>> to work around FD_SETSIZE checks.
>
> If anyone has an alternative and better implementation idea, that's
> welcome. I definitely agree this is the ideal result.

I don't think we want to disable the check. We added it for good
reasons and it matches POSIX behaviour. At the end of the day we
implement POSIX behaviour by default.

Ruby has already worked around this by disabling _FORTIFY_SOURCE
in their code to avoid the assert.

What we want to do is prevent them from needing to disable *ALL*
of _FORTIFY_SOURCE and provide a macro that allows them to have
finer-grained control over the checks that apply to their code.

Cheers,
Carlos.
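Review bot: the hunk drops the `d < 0 || d >= FD_SETSIZE` check and then re-points both `__fdelt_chk` and `__fdelt_warn` at the unchecked `__fdelt_nochk`, so every already-linked binary that resolved `__fdelt_chk` under _FORTIFY_SOURCE silently loses its runtime bound check; the old symbol's contract should not change underneath existing callers. Keep `__fdelt_chk` checking as it is, add the new symbol alongside it (the `strong_alias (__fdelt_nochk, __fdelt_chk)` line is the one that changes behaviour for old binaries), and state the ABI impact explicitly in the commit message if the rebinding is kept deliberately.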
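To make the two kinds of check in this thread concrete, here is an added C example (written for this page, not glibc's code and not part of either patch). `fdelt_checked` reimplements the range check the hunk removes, returning -1 where the fortified `__fdelt_chk` would call `__chk_fail()`. `fdelt_buffer_checked`, `fd_set_bounded`, `fd_isset_bounded` and `demo_oversized_set` are the example's own hypothetical names: they illustrate the idea behind a size-aware check (the thread names a proposed `__fdelt_buffer_chk` but shows no code for it, so its real signature is not assumed here), where the caller passes the true size of the buffer backing its set so that an application using a set larger than `sizeof (fd_set)` is bounds-checked against what it actually owns instead of against FD_SETSIZE.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/select.h>

/* Bits per fd_mask word, computed the way glibc's __NFDBITS does
   (8 * sizeof (long)). */
#define EX_NFDBITS (8L * (long) sizeof (long))

/* Added reimplementation of the check under discussion: the word index of
   descriptor d within a standard FD_SETSIZE-bit set, or -1 where glibc's
   fortified __fdelt_chk would instead abort via __chk_fail(). */
long fdelt_checked(long d)
{
    if (d < 0 || d >= FD_SETSIZE)
        return -1;
    return d / EX_NFDBITS;
}

/* Hypothetical size-aware variant (assumed signature, not glibc's): the
   caller passes the real size in bytes of the buffer backing its set, so the
   bound is the buffer the caller owns rather than the fixed FD_SETSIZE. */
long fdelt_buffer_checked(long d, size_t buf_bytes)
{
    long nbits = (long) buf_bytes * 8L;
    if (d < 0 || d >= nbits)
        return -1;
    return d / EX_NFDBITS;
}

/* Bounds-checked FD_SET over a raw array of nwords words. Returns 1 if the
   bit was set, 0 if fd lies outside the array (no write is performed). */
int fd_set_bounded(long fd, unsigned long *words, size_t nwords)
{
    long idx = fdelt_buffer_checked(fd, nwords * sizeof (unsigned long));
    if (idx < 0)
        return 0;
    words[idx] |= 1UL << (fd % EX_NFDBITS);
    return 1;
}

/* Bounds-checked FD_ISSET counterpart: an out-of-range descriptor reads as
   "not set" instead of reading past the array. */
int fd_isset_bounded(long fd, const unsigned long *words, size_t nwords)
{
    long idx = fdelt_buffer_checked(fd, nwords * sizeof (unsigned long));
    if (idx < 0)
        return 0;
    return (int) ((words[idx] >> (fd % EX_NFDBITS)) & 1UL);
}

/* Walks the scenario from the thread: descriptor FD_SETSIZE is rejected by
   the fixed-size check but accepted by the size-aware one when the caller
   really does own a bigger buffer, while anything past that buffer is still
   refused. Returns 1 when every step behaves that way, 0 otherwise. */
int demo_oversized_set(void)
{
    size_t nwords = (size_t) (2 * (FD_SETSIZE / EX_NFDBITS)); /* twice the standard set */
    unsigned long *words = calloc(nwords, sizeof *words);
    if (!words)
        return 0;
    int ok = 1;
    long big_fd = FD_SETSIZE;                                  /* one past the standard limit */
    ok &= fdelt_checked(big_fd) == -1;                         /* fixed-size check rejects it */
    ok &= fd_set_bounded(big_fd, words, nwords) == 1;          /* size-aware check accepts it */
    ok &= fd_isset_bounded(big_fd, words, nwords) == 1;
    ok &= fd_set_bounded(2L * FD_SETSIZE, words, nwords) == 0; /* past the real buffer */
    ok &= fd_set_bounded(-1, words, nwords) == 0;              /* negative descriptor */
    free(words);
    return ok;
}

int main(void)
{
    printf("FD_SETSIZE=%d, bits per word=%ld\n", FD_SETSIZE, EX_NFDBITS);
    printf("fdelt_checked(5)=%ld, fdelt_checked(FD_SETSIZE)=%ld\n",
           fdelt_checked(5), fdelt_checked(FD_SETSIZE));
    printf("oversized-set demo: %s\n", demo_oversized_set() ? "ok" : "FAILED");
    return 0;
}
```

The point the example makes is the one Carlos raises: the fixed-size check is correct for a plain `fd_set` and should stay on by default, and what an application with an oversized set needs is a check that knows its real buffer size, not the removal of the check for everyone.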