This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements

On 06/29/2017 09:56 PM, Zack Weinberg wrote:
> On Thu, Jun 29, 2017 at 3:05 PM, Florian Weimer <fweimer@redhat.com> wrote:
>> On 06/26/2017 02:57 PM, Andreas Schwab wrote:
>>> On Jun 26 2017, Florian Weimer <fweimer@redhat.com> wrote:
>>>
>>>> The goal is to prevent massaging the heap through LD_AUDIT variable
>>>> contents.  So it's purely hardening.
>>>
>>> Why is that needed?
>>
>> I'm not sure if it is needed.  I am not an experienced exploit writer.
>>
>> I assume you want me to apply something like the attached patch, right?
> 
> I am not an experienced exploit writer either, and I don't know this
> code at all, but as a matter of principle, I do not think you should
> make any changes until Andreas actually explains his concerns in
> _detail_.  One-sentence cryptic questions, at a rate of one per email,
> are not proper code review.

To be fair, the original patch went in without much review on
libc-alpha, too.

Florian
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]