This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH 3/5] Add single-threaded path to _int_free
- From: DJ Delorie <dj at redhat dot com>
- To: Wilco Dijkstra <Wilco dot Dijkstra at arm dot com>
- Cc: libc-alpha at sourceware dot org, nd at arm dot com
- Date: Fri, 13 Oct 2017 13:29:35 -0400
- Subject: Re: [PATCH 3/5] Add single-threaded path to _int_free
Wilco Dijkstra <Wilco.Dijkstra@arm.com> writes:
> If that's the case then why isn't a double free checked everywhere?
While I'm not a security expert, my two comments on this are "obviously
we should check" and "thar be dragons" ;-)
Also, there's a difference between stopping the user from doing
something stupid, and stopping the Bad Guys from doing something
nefarious.
> Doing checks that are completely ineffective doesn't make sense -
> that just adds unnecessary overhead while providing no actual security
> benefit (in fact it gives a false sense of security which is even worse...).
I didn't say "don't remove the check" - I said "don't remove the check
without carefully considering the side effects". I don't know the
history of that check, but I assume (by default) it was added because
someone used it to infect a system at some point. I doubt either you or
I are qualified to properly evaluate why that particular check was
written the way it was, or why it was added in the first place.
Hopefully, someone with more security experience will comment on this.
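To make the check under discussion concrete, here is an added toy model (not glibc code, not part of this thread) of the fastbin-path double-free check in _int_free: the chunk being freed is compared against the chunk currently at the top of its bin. The bin type, BIN_CAP and function names are invented for the model.

```c
/* Toy model of the top-of-bin double-free check in glibc's _int_free
   fastbin path (added example, not glibc code). A chunk being freed is
   compared only against the chunk currently at the head of its bin. */
#include <stddef.h>
#include <stdio.h>

#define BIN_CAP 16

typedef struct { void *head[BIN_CAP]; int n; } fastbin_t;  /* LIFO free list */

/* Returns 0 on success, -1 if the check fires (glibc would abort here). */
int model_free(fastbin_t *bin, void *p)
{
    /* The check the thread discusses: is p already the top-most free chunk? */
    if (bin->n > 0 && bin->head[bin->n - 1] == p)
        return -1;                 /* "double free or corruption (fasttop)" */
    if (bin->n < BIN_CAP)
        bin->head[bin->n++] = p;   /* push p onto the bin */
    return 0;
}

/* Freeing the same chunk twice in a row is caught. */
int consecutive_double_free_caught(void)
{
    fastbin_t bin = {{0}, 0};
    char a[32];
    model_free(&bin, a);
    return model_free(&bin, a) == -1;
}

/* Freeing a, then b, then a again: the top of the bin is now b, so the
   repeated free of a passes. This is the limited coverage the thread argues
   about; later glibc releases added a per-chunk key to tcache to detect it. */
int interleaved_double_free_caught(void)
{
    fastbin_t bin = {{0}, 0};
    char a[32], b[32];
    model_free(&bin, a);
    model_free(&bin, b);
    return model_free(&bin, a) == -1;
}

int main(void)
{
    printf("consecutive double free caught: %d\n", consecutive_double_free_caught());
    printf("interleaved double free caught: %d\n", interleaved_double_free_caught());
    return 0;
}
```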