This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Fwd: [PATCH] Don't allow attackers to inject arbitrary data into stack through LD_DEBUG
- From: Rich Felker <dalias at libc dot org>
- To: Andreas Schwab <schwab at suse dot de>
- Cc: Paul Eggert <eggert at cs dot ucla dot edu>, Alex <alexinbeijing at gmail dot com>, libc-alpha at sourceware dot org
- Date: Thu, 13 Aug 2015 10:10:40 -0400
- Subject: Re: Fwd: [PATCH] Don't allow attackers to inject arbitrary data into stack through LD_DEBUG
- Authentication-results: sourceware.org; auth=none
- References: <1439153945-22973-1-git-send-email-alexinbeijing at gmail dot com> <87fv3s83td dot fsf at igel dot home> <CACsECNf6dB8cAG4EHpox=tg8=+SbeWTb9J=T4zArLtmdQjqkHQ at mail dot gmail dot com> <CACsECNeWcACbJ50wYcrWL804G9o7T8eZT57oFZWS17jVZ98SxA at mail dot gmail dot com> <mvmzj1zmssr dot fsf at hawking dot suse dot de> <CACsECNcLeZW7WnC1mOM7AssN8xatAAHhEOnPAv9VUnup_cmU=Q at mail dot gmail dot com> <55C868DE dot 30909 at cs dot ucla dot edu> <mvmr3nbmrlz dot fsf at hawking dot suse dot de> <20150813020521 dot GC31018 at brightrain dot aerifal dot cx> <mvmmvxviptx dot fsf at hawking dot suse dot de>
On Thu, Aug 13, 2015 at 09:56:42AM +0200, Andreas Schwab wrote:
> Rich Felker <dalias@libc.org> writes:
>
> > On Mon, Aug 10, 2015 at 11:15:36AM +0200, Andreas Schwab wrote:
> >> Paul Eggert <eggert@cs.ucla.edu> writes:
> >>
> >> > Presumably the original author didn't know about "%.*s".
> >>
> >> It didn't exist back then.
> >
> > This is factually incorrect.
>
> Read the history before making such a bold statement.
>
> > C89
>
> _dl_error_printf isn't C89.
OK, I misunderstood the code. Apologies.
Rich