From: KOSAKI Motohiro
Date: Wed, 01 May 2013 06:40:00 -0000
Subject: Re: [PATCH 1/5] __fdelt_chk: Removed range check
To: "Carlos O'Donell"
Cc: libc-alpha, "libc-ports@sourceware.org"

>> long int >> -__fdelt_chk (long int d) >> +__fdelt_nochk (long int d) >> { >> - if (d < 0 || d >= FD_SETSIZE) >> - __chk_fail (); >> - >> return d / __NFDBITS; >> } >> -strong_alias (__fdelt_chk, __fdelt_warn) >> +strong_alias (__fdelt_nochk, __fdelt_chk) >> +strong_alias (__fdelt_nochk, __fdelt_warn) >>
>
> Doesn't this mean that you will disable the runtime check
> for FD_SETSIZE for all existing binaries?

Right.
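
Review bot: with both `strong_alias` lines pointing `__fdelt_chk` and `__fdelt_warn` at `__fdelt_nochk`, the removed `if (d < 0 || d >= FD_SETSIZE)` test disappears for every binary already linked against `__fdelt_chk`, not only for newly built ones, and nothing in this hunk documents that. Any `d` then reaches `return d / __NFDBITS;` unchecked; C division truncates toward zero, so a small negative `d` yields index 0 rather than an obviously bad value. Consider keeping the checked body behind the existing `__fdelt_chk` symbol and leaving the unchecked path to callers that opt in, or at minimum keeping the `d < 0` rejection, which needs no buffer size.
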
> That means that we would have to recompile all of the
> applications again in order to get checking again using
> the new symbols proposed in PATCH #2?

Right. Because, unfortunately, __fdelt_chk() doesn't have a buffer size argument, so we can't implement buffer overflow checks on top of this interface. Then, I made a new __fdelt_buffer_chk() function in patch #2.

The remaining problem is, how should we treat the old interfaces? From the point of view of Ubuntu and OpenSUSE, it should be disabled, at least, by default. Otherwise all applications need to be recompiled to disable it.

> This is not sufficiently conservative. We want it the other
> way around. A simple recompile of ruby should result in
> a ruby that no longer needs to disable _FORTIFY_SOURCE
> to work around FD_SETSIZE checks.

If anyone has an alternative and better implementation idea, that's welcome. I definitely agree this is the ideal result.
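
The limitation discussed in the message above (a check that receives only `d` can bound it by `FD_SETSIZE` and nothing else), as an added C example that is not from the patch series or from glibc. `fdelt_fixed_chk`, `fdelt_sized_chk` and `set_fd_bit` are hypothetical names, and the size-aware signature is an assumption, since the interface of `__fdelt_buffer_chk` in patch #2 is not shown here.

```c
#include <limits.h>
#include <stddef.h>
#include <stdlib.h>
#include <sys/select.h>

typedef unsigned long word_t;   /* assumed bitmap word, stands in for fd_mask */
#define WORD_BITS ((long) (sizeof (word_t) * CHAR_BIT))

/* Model of the old check: the only bound it can know is FD_SETSIZE.
   Returns the word index, or -1 where glibc would call __chk_fail (). */
static long fdelt_fixed_chk (long d)
{
  if (d < 0 || d >= FD_SETSIZE)
    return -1;
  return d / WORD_BITS;
}

/* Hypothetical size-aware check: the caller passes the byte size of the
   object being indexed, so heap bitmaps larger than fd_set are checkable. */
static long fdelt_sized_chk (long d, size_t set_bytes)
{
  if (d < 0 || (size_t) (d / WORD_BITS) >= set_bytes / sizeof (word_t))
    return -1;
  return d / WORD_BITS;
}

/* Set bit d in a caller-sized bitmap; 0 on success, -1 if out of range. */
static int set_fd_bit (word_t *words, size_t set_bytes, long d)
{
  long idx = fdelt_sized_chk (d, set_bytes);
  if (idx < 0)
    return -1;
  words[idx] |= (word_t) 1 << (d % WORD_BITS);
  return 0;
}

/* Constructed scenario: a heap bitmap with room for 4 * FD_SETSIZE fds. */
static int demo (void)
{
  size_t bytes = 4 * sizeof (fd_set);
  word_t *big = calloc (1, bytes);
  if (big == NULL)
    return -1;
  long fd = FD_SETSIZE + 10;            /* in range for big, not for fd_set */
  int ok = fdelt_fixed_chk (fd) == -1   /* fixed bound rejects a safe access */
           && set_fd_bit (big, bytes, fd) == 0
           && set_fd_bit (big, bytes, 4L * FD_SETSIZE) == -1  /* past the end */
           && set_fd_bit (big, bytes, -1) == -1;              /* negative fd */
  free (big);
  return ok ? 0 : 1;
}

int main (void) { return demo (); }
```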