This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] Avoid deadlock in malloc on backtrace
- From: "Carlos O'Donell" <carlos at redhat dot com>
- To: Szabolcs Nagy <nsz at port70 dot net>
- Cc: Siddhesh Poyarekar <siddhesh at redhat dot com>, libc-alpha at sourceware dot org
- Date: Fri, 27 Feb 2015 11:33:28 -0500
- Subject: Re: [PATCH] Avoid deadlock in malloc on backtrace
- Authentication-results: sourceware.org; auth=none
- References: <20150224100249 dot GA31871 at spoyarek dot pnq dot redhat dot com> <54EF9B9C dot 1080305 at redhat dot com> <20150227142009 dot GB16260 at port70 dot net>
On 02/27/2015 09:20 AM, Szabolcs Nagy wrote:
> * Carlos O'Donell <carlos@redhat.com> [2015-02-26 17:18:04 -0500]:
>> (1) Delaying the abort is bad for security.
>>
>> Problem: The library should abort() immediately from a security perspective.
>>
>> Solution: Don't delay, call abort() immediately.
>
> i think from security pov immediate crash (__builtin_trap) is the right solution
>
> abort is complex (eg glibc tries to fflush stdio buffers)
I agree that __builtin_trap would be an option.
c.