This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/12189] __stack_chk_fail should not attempt a backtrace
- From: "pasky at suse dot cz" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Thu, 4 Nov 2010 09:51:56 +0000
- Subject: [Bug libc/12189] __stack_chk_fail should not attempt a backtrace
- Auto-submitted: auto-generated
- References: <bug-12189-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=12189
Petr Baudis <pasky at suse dot cz> changed:
          What |Removed                     |Added
----------------------------------------------------------------------------
        Status|RESOLVED                    |REOPENED
            CC|                            |pasky at suse dot cz
    Resolution|WORKSFORME                  |
--- Comment #2 from Petr Baudis <pasky at suse dot cz> 2010-11-04 09:51:45 UTC ---
I'd like to reopen this for another bit - this actually has CVE 2010-3192
assigned and is considered a security bug by some, leaking information in case
the attacker can just trigger fortified source protection. I'm personally
rather ambivalent on whether this should be fixed, but the argument does make
sense. If we would just always print the information if it was useful, we
should have default SIGSEGV and SIGABRT handlers printing backtrace too. :-)
Cf. http://seclists.org/fulldisclosure/2010/Apr/399,
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3192