This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug network/12926] getaddrinfo()/make_request() may spin forever

From: "carlos at redhat dot com" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Wed, 21 Oct 2015 15:28:05 +0000
Subject: [Bug network/12926] getaddrinfo()/make_request() may spin forever
Auto-submitted: auto-generated
References: <bug-12926-131 at http dot sourceware dot org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=12926

--- Comment #14 from Carlos O'Donell <carlos at redhat dot com> ---
(In reply to Florian Weimer from comment #13)
> (In reply to Carlos O'Donell from comment #11)
> 
> > How can we assume all supported kernels from 2.6.32 and up are not
> > vulnerable? AFAIK glibc has to be defensive in this case.
> 
> We could probably make an exception here.  In general, I really dislike the
> idea of working around kernel security bugs, but this might be an exception.
> (Although there are likely corner cases the libc check won't cover.)

We can conditionlize the code on upstream kernel version with the fix, similar
to the way we conditionalize with interface availability and eventually remove
the code when the minimum kernel version is new enough.

I don't like it either, but it is a fact of developing on a library with a wide
range of supported kernel versions.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]