This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH 3/5] Add single-threaded path to _int_free


Wilco Dijkstra <Wilco.Dijkstra@arm.com> writes:
> If that's the case then why isn't a double free checked everywhere?

While I'm not a security expert, my two comments on this are "obviously
we should check" and "thar be dragons" ;-)

Also, there's a difference between stopping the user from doing
something stupid, and stopping the Bad Guys from doing something
nefarious.

> Doing checks that are completely ineffective doesn't make sense -
> that just adds unnecessary overhead while providing no actual security
> benefit (in fact it gives a false sense of security which is even worse...).

I didn't say "don't remove the check" - I said "don't remove the check
without carefully considering the side effects".  I don't know the
history of that check, but I assume (by default) it was added because
someone used it to infect a system at some point.  I doubt either you or
I are qualified to properly evaluate why that particular check was
written the way it was, or why it was added in the first place.

Hopefully, someone with more security experience will comment on this.
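The check under discussion is the one in the free path that rejects a chunk already sitting at the head of its free list. To make the cost/benefit trade-off concrete, here is an added example (not glibc code, and not from either participant): a toy singly linked free list that stands in for a fastbin, with the cheap head-only check next to a hypothetical full-scan check. All type and function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy free list standing in for a fastbin: each free chunk's first word
 * points at the next free chunk. Illustrative only, not glibc's layout. */
typedef struct chunk { struct chunk *fd; } chunk_t;
typedef struct { chunk_t *top; } fastbin_t;

enum { FREE_OK = 0, FREE_DOUBLE = 1 };

/* O(1) check: reject only when the chunk is already the head of the bin.
 * This is the shape of the check the thread is debating. */
int free_top_check(fastbin_t *bin, chunk_t *p) {
    if (bin->top == p) return FREE_DOUBLE;
    p->fd = bin->top;
    bin->top = p;
    return FREE_OK;
}

/* O(n) check: walk the whole bin before pushing. Catches any chunk that is
 * already free, at the cost of a traversal on every free (hypothetical). */
int free_scan_check(fastbin_t *bin, chunk_t *p) {
    for (chunk_t *c = bin->top; c != NULL; c = c->fd)
        if (c == p) return FREE_DOUBLE;
    p->fd = bin->top;
    bin->top = p;
    return FREE_OK;
}

typedef int (*free_fn)(fastbin_t *, chunk_t *);

/* Sequence free(a); free(a): the second free is a double free of the head. */
int run_adjacent(free_fn f) {
    chunk_t a;
    fastbin_t bin = { NULL };
    f(&bin, &a);
    return f(&bin, &a);
}

/* Sequence free(a); free(b); free(a): the repeated chunk is no longer the
 * head, so only a check that looks past the head can notice it. */
int run_nonadjacent(free_fn f) {
    chunk_t a, b;
    fastbin_t bin = { NULL };
    f(&bin, &a);
    f(&bin, &b);
    return f(&bin, &a);
}

int main(void) {
    printf("head-only, free(a) free(a):         %s\n",
           run_adjacent(free_top_check) == FREE_DOUBLE ? "detected" : "missed");
    printf("head-only, free(a) free(b) free(a): %s\n",
           run_nonadjacent(free_top_check) == FREE_DOUBLE ? "detected" : "missed");
    printf("full-scan, free(a) free(b) free(a): %s\n",
           run_nonadjacent(free_scan_check) == FREE_DOUBLE ? "detected" : "missed");
    return 0;
}
```

The head-only check costs one pointer compare and flags the common programming mistake of freeing the same pointer twice in a row; the full scan closes the gap for repeated chunks deeper in the list but turns every free into a list walk, which is the overhead argument made above. The point of the example is that "ineffective" and "cheap" both depend on which free sequence one is defending against, which is exactly why the history of such a check matters before removing it.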

