This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] Ensure __libc_message does not blindly write toSTDERR_FILENO.
- From: Petr Baudis <pasky at ucw dot cz>
- To: William Pitcock <nenolod at dereferenced dot org>,Marek Polacek <polacek at redhat dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Mon, 16 Apr 2012 11:50:38 +0200
- Subject: Re: [PATCH] Ensure __libc_message does not blindly write toSTDERR_FILENO.
Hi!
Thanks. This seems quite nasty also if fd 2 is some file to which
we shouldn't write blindly.
On Mon, Apr 16, 2012 at 09:20:52AM +0000, William Pitcock wrote:
> [BZ #13983]
> * sysdeps/posix/libc_fatal.c (__libc_message): In the event that
> stderr has been closed using fclose(), we should not try to use
> STDERR_FILENO.
> Doing so may result in blind private information leaks.
> * sysdeps/unix/sysv/linux/libc_fatal.c (__libc_message): Likewise.
>
> Signed-off-by: William Pitcock <nenolod@dereferenced.org>
The current policy is that ChangeLog should describe only literal
changes while the commit message describes the point of the change
and reasoning behind it. So maybe something like:
* sysdeps/posix/libc_fatal.c (__libc_message): Do not write to stderr
if it does not correspond to STDERR_FILENO, use vsyslog() instead.
On Mon, Apr 16, 2012 at 11:41:13AM +0200, Marek Polacek wrote:
> > + is -1. We *must* use _IO_stderr and not stderr, as stderr can be overriden
> > + by the application. */
>
> Two spaces after `.'.
What's wrong with them?
--
Petr "Pasky" Baudis
Smart data structures and dumb code works a lot better
than the other way around. -- Eric S. Raymond