This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: alloca avoidance patches
- From: Florian Weimer <fweimer at redhat dot com>
- To: Carlos O'Donell <carlos at redhat dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>
- Date: Mon, 19 Jun 2017 22:36:29 +0200
- Subject: Re: alloca avoidance patches
- Authentication-results: sourceware.org; auth=none
- Authentication-results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
- Authentication-results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=fweimer at redhat dot com
- Dkim-filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 6394A23E6DC
- Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 6394A23E6DC
- References: <5a4e9615-8403-1854-a942-168bcd77d80b@redhat.com> <39c90542-bbd9-f161-d51b-550a4a4ee104@redhat.com>
On 06/19/2017 10:11 PM, Carlos O'Donell wrote:
> The safety of our users and protecting them against exploits is
> paramount in my opinion, and we should adopt such limits for SUID
> binaries where it makes sense, even if we later back them out for
> a better solution.
Okay, fair enough, I will commit both patches and backport them to 2.25,
2.24, and 2.23, too.
> I think that even GNU/Hurd is susceptable to these kinds of attacks
> since all modern operating systems follow the same models for stack
> and heap usage.
Windows probably gets it right, and this may have been one reason why
they never implemented C99 supported in their C compiler. They support
alloca as an extension, but it will raise an exception in case of stack
overflow.
Thanks,
Florian