This is the mail archive of the libc-ports@sources.redhat.com mailing list for the libc-ports project.
Re: [PATCH 1/5] __fdelt_chk: Removed range check
- From: KOSAKI Motohiro <kosaki dot motohiro at gmail dot com>
- To: "Carlos O'Donell" <carlos at redhat dot com>
- Cc: libc-alpha <libc-alpha at sourceware dot org>, "libc-ports at sourceware dot org" <libc-ports at sourceware dot org>
- Date: Wed, 1 May 2013 02:40:22 -0400
- Subject: Re: [PATCH 1/5] __fdelt_chk: Removed range check
- References: <1365900451-19026-1-git-send-email-kosaki dot motohiro at gmail dot com> <1365900451-19026-2-git-send-email-kosaki dot motohiro at gmail dot com> <51807D13 dot 9090706 at redhat dot com>
>> long int
>> -__fdelt_chk (long int d)
>> +__fdelt_nochk (long int d)
>> {
>> - if (d < 0 || d >= FD_SETSIZE)
>> - __chk_fail ();
>> -
>> return d / __NFDBITS;
>> }
>> -strong_alias (__fdelt_chk, __fdelt_warn)
>> +strong_alias (__fdelt_nochk, __fdelt_chk)
>> +strong_alias (__fdelt_nochk, __fdelt_warn)
>>
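Review bot: The two `strong_alias` lines at the end of the hunk point both `__fdelt_chk` and `__fdelt_warn` at `__fdelt_nochk`, which returns `d / __NFDBITS` with no range test, so callers of `__fdelt_chk` no longer reach `__chk_fail ()` for a negative `d` or for `d >= FD_SETSIZE`, while the exported name still ends in `_chk`. Consider keeping the `if (d < 0 || d >= FD_SETSIZE)` test on the existing `__fdelt_chk` symbol and exporting the unchecked function under a separate name, or at least add a comment above `__fdelt_nochk` stating why the check was dropped and why the old names are aliased to it.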
>
> Doesn't this mean that you will disable the runtime check
> for FD_SETSIZE for all existing binaries?
Right.
> That means that we would have to recompile all of the
> applications again in order to get checking again using
> the new symbols proposed in PATCH #2?
Right. Because, unfortunately, __fdelt_chk() doesn't have a
buffer size argument, so we can't implement buffer overflow
checks on top of this interface.
So I made a new __fdelt_buffer_chk() function in patch #2.
The remaining problem is how we should treat the old interfaces. From
the Ubuntu and openSUSE point of view, it should be disabled, at least
by default. Otherwise all applications need to be recompiled to disable it.
> This is not sufficiently conservative. We want it the other
> way around. A simple recompile of ruby should result in
> a ruby that no longer needs to disable _FORTIFY_SOURCE
> to work around FD_SETSIZE checks.
If anyone has an alternative and better implementation idea, that's
welcome. I definitely agree this is the ideal result.
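
The limitation discussed in this message, as an added example that is not code from the patch series or from glibc: a check that only knows FD_SETSIZE rejects a valid descriptor in a larger set, while a check that is given the set's size follows the real buffer. The names `fdelt_fixed_chk`, `fdelt_sized_chk` and `set_fd`, the 4096-descriptor heap set, and returning -1 in place of `__chk_fail ()` are assumptions made for illustration; the signature of `__fdelt_buffer_chk()` from patch #2 is not shown on this page.

```c
#include <limits.h>
#include <stdlib.h>
#include <sys/select.h>

/* Bits per descriptor-set word; stands in for glibc's __NFDBITS. */
#define WORD_BITS ((long) (CHAR_BIT * sizeof (long)))

/* Model of the removed check: the limit is always FD_SETSIZE.
   Returns -1 where the real function would call __chk_fail (). */
long fdelt_fixed_chk (long d)
{
  if (d < 0 || d >= FD_SETSIZE)
    return -1;
  return d / WORD_BITS;
}

/* Hypothetical size-aware variant: the caller passes the byte size of
   the set it really owns, so the limit follows the buffer. */
long fdelt_sized_chk (long d, size_t set_bytes)
{
  if (d < 0 || (size_t) d >= set_bytes * CHAR_BIT)
    return -1;
  return d / WORD_BITS;
}

/* Set bit d in a set of set_bytes bytes; 0 on success, -1 if rejected. */
int set_fd (unsigned long *words, size_t set_bytes, long d)
{
  long idx = fdelt_sized_chk (d, set_bytes);
  if (idx < 0)
    return -1;
  words[idx] |= 1UL << (d % WORD_BITS);
  return 0;
}

int main (void)
{
  size_t big_bytes = 4096 / CHAR_BIT;   /* constructed: room for 4096 fds */
  unsigned long *big = calloc (1, big_bytes);
  long fd = FD_SETSIZE + 10;            /* constructed sample descriptor */
  if (big == NULL)
    return 1;
  int ok = fdelt_fixed_chk (fd) == -1             /* fixed limit rejects it */
           && set_fd (big, big_bytes, fd) == 0    /* fits the larger set */
           && set_fd (big, big_bytes, 4096) == -1 /* past the heap set */
           && fdelt_sized_chk (fd, sizeof (fd_set)) == -1; /* past fd_set */
  free (big);
  return ok ? 0 : 1;
}
```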