Re: [PATCH 1/5] __fdelt_chk: Removed range check

public inbox for libc-ports@sourceware.org
 help / color / mirror / Atom feed

From: KOSAKI Motohiro <kosaki.motohiro@gmail.com>
To: Carlos O'Donell <carlos@redhat.com>
Cc: KOSAKI Motohiro <kosaki.motohiro@gmail.com>,
	 libc-alpha <libc-alpha@sourceware.org>,
	"libc-ports@sourceware.org" <libc-ports@sourceware.org>
Subject: Re: [PATCH 1/5] __fdelt_chk: Removed range check
Date: Wed, 01 May 2013 22:13:00 -0000	[thread overview]
Message-ID: <51819377.3040403@gmail.com> (raw)
In-Reply-To: <51812A69.6000004@redhat.com>

>>> That means that we would have to recompile all of the
>>> applications again in order to get checking again using
>>> the new symbols proposed in PATCH #2?
>>
>> Right. Because, unfortunately, __fdelt_chk() doesn't have
>> buffer size argument, so we can't implement buffer overflow
>> checks on top of this interface.
>>
>> Then, I made new __fdelt_buffer_chk() function at patch #2.
>>
>> The rest problem is, how should we treat old interfaces? From
>> point of Ubuntu and OpenSUSE view, it should be disable, at least,
>> by default. Otherwise all applications need to recompile for disabling.
>>
>>
>>> This is not sufficiently conservative. We want it the other
>>> way around. A simple recompile of ruby should result in
>>> a ruby that no longer needs to disable _FORTIFY_SOURCE
>>> to work around FD_SETSIZE checks.
>>
>> If anyone have an alternative and better implementation idea, that's
>> welcome. I definitely agree this is ideal result.
>  
> I don't think we want to disable the check.
> 
> We added it for good reasons and it matches POSIX behaviour.
> 
> At the end of the day we implement POSIX behaviour by default.

Could you clarify me my two questionsn? 

1) If not disabling, Ubuntu/OpenSUSE need to recompile ALL of affected 
packages. Do you suggest to recompile all of them? 

Dear Ubuntu and OpenSUSE guys, please tell me your opinion. This patch
doesn't affect Fedora/RHEL/Debian. So I want to know which is close to
your desire.

2) I think my code correctly catch buffer overflow of posix codes too.
Do you disagree it? In the other words, what kind of application wants 
to static checks?


> Ruby has already worked around this by disabling _FORTIFY_SOURCE
> in their code to avoid the assert.

Right. I don't mind ruby case.


> What we want to do is prevent them from needing to disable
> *ALL* of _FORTIFY_SOURCE and provide a macro that allows them
> to have finer grained control over the checks that apply to their
> code.

It can. but I want to understand which is better and why before to do.

next prev parent reply	other threads:[~2013-05-01 22:13 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-04-14  0:47 [PATCH v4 0/5] fix wrong program abort on __FD_ELT KOSAKI Motohiro
2013-04-14  0:47 ` [PATCH 2/5] __FD_ELT: Implement correct buffer overflow check KOSAKI Motohiro
2013-05-01  2:42   ` Carlos O'Donell
2013-05-01  6:28     ` KOSAKI Motohiro
2013-05-01 14:42       ` Carlos O'Donell
2013-05-01 20:32         ` KOSAKI Motohiro
2013-05-03  3:15           ` Carlos O'Donell
2013-05-01 20:11       ` KOSAKI Motohiro
2013-05-03  3:15         ` Carlos O'Donell
2013-04-14  0:47 ` [PATCH 5/5] __FDS_BITS: Added cast to __fd_mask* to avoid warning KOSAKI Motohiro
2013-05-01  2:44   ` Carlos O'Donell
2013-04-14  0:47 ` [PATCH 3/5] update libc.abilist KOSAKI Motohiro
2013-04-14  0:47 ` [PATCH 1/5] __fdelt_chk: Removed range check KOSAKI Motohiro
2013-05-01  2:25   ` Carlos O'Donell
2013-05-01  6:40     ` KOSAKI Motohiro
2013-05-01 14:45       ` Carlos O'Donell
2013-05-01 22:13         ` KOSAKI Motohiro [this message]
2013-05-03  2:52           ` Carlos O'Donell
2013-04-14  0:47 ` [PATCH 4/5] tst-chk1: add fd_set dynamic allocation test KOSAKI Motohiro
2013-05-01  2:44   ` Carlos O'Donell
2013-05-01  6:29     ` KOSAKI Motohiro
2013-05-01  3:08 ` [PATCH v4 0/5] fix wrong program abort on __FD_ELT Carlos O'Donell
2013-05-01  5:31   ` KOSAKI Motohiro
2013-05-01 14:38     ` Carlos O'Donell
2013-05-01 22:21       ` KOSAKI Motohiro

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=51819377.3040403@gmail.com \
    --to=kosaki.motohiro@gmail.com \
    --cc=carlos@redhat.com \
    --cc=libc-alpha@sourceware.org \
    --cc=libc-ports@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).