This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/13983] __libc_message() shouldn't blindly write to STDERR_FILENO
- From: "nenolod at dereferenced dot org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Mon, 16 Apr 2012 07:10:38 +0000
- Subject: [Bug libc/13983] __libc_message() shouldn't blindly write to STDERR_FILENO
- Auto-submitted: auto-generated
- References: <bug-13983-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=13983
--- Comment #7 from William Pitcock <nenolod at dereferenced dot org> 2012-04-16 07:10:38 UTC ---
(In reply to comment #5)
> (In reply to comment #4)
> > Personally, I would flag this INVALID.
>
> In addition, dumping messages to /dev/tty is just plain wrong.
>
> I run some nightly builds from cron, and redirect their stdout/stderr.
>
> Recently I discovered that if I run the same build by hand, I get several error
> messages in my terminal. I have *no clue* which commands they are coming from.
> They are *not* useful.
The idea here is that libc doesn't leak private information to log files which
might be accessible by people on the box that you wouldn't want to know just
succeeded in a specific kind of memory corruption or buffer overflow or
whatever.
From a security standpoint this is probably a good thing.
> (Now that I looked at __libc_message, I am going to set LIBC_FATAL_STDERR_ in
> the environment to direct them back to stderr.)
This is fine too, but glibc should make sure stderr really is stderr.
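
One reading of "make sure stderr really is stderr" in the comment above is the closed-descriptor case: if fd 2 is closed when a program starts, the next open() is handed number 2, and a later write to STDERR_FILENO lands in that file. The C code below is an added example, not code from glibc or from this thread; the helper names fd_is_open, pin_fd and pin_standard_fds are hypothetical, and pointing closed slots at /dev/null is an assumption about the desired policy.

```c
/* Added example: pin descriptors 0, 1 and 2 at startup so that no later
 * open() or socket() can be handed one of those numbers. */
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* 1 if fd refers to an open file description, 0 if it is closed. */
static int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
}

/* Make sure fd is open. If it was closed, point it at /dev/null.
 * Returns 1 if the slot had to be filled, 0 if it was already open,
 * -1 on error. */
static int pin_fd(int fd)
{
    if (fd_is_open(fd))
        return 0;
    /* Read-only for stdin, write-only for stdout and stderr. */
    int nullfd = open("/dev/null", fd == STDIN_FILENO ? O_RDONLY : O_WRONLY);
    if (nullfd == -1)
        return -1;
    if (nullfd != fd) {
        /* A lower slot was free as well; move the descriptor into place. */
        if (dup2(nullfd, fd) == -1) {
            close(nullfd);
            return -1;
        }
        close(nullfd);
    }
    return 1;
}

/* Pin 0, 1 and 2 in ascending order. Returns how many were found closed,
 * or -1 on error. */
static int pin_standard_fds(void)
{
    int filled = 0;
    for (int fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++) {
        int r = pin_fd(fd);
        if (r == -1)
            return -1;
        filled += r;
    }
    return filled;
}

int main(void)
{
    /* Call before any other descriptor is opened. */
    return pin_standard_fds() == -1 ? 1 : 0;
}
```

This only covers a descriptor that is closed; it does not tell a terminal from a redirected log file, which is the other half of the disagreement in the thread.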