This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/13983] __libc_message() shouldn't blindly write to STDERR_FILENO


http://sourceware.org/bugzilla/show_bug.cgi?id=13983

--- Comment #7 from William Pitcock <nenolod at dereferenced dot org> 2012-04-16 07:10:38 UTC ---
(In reply to comment #5)
> (In reply to comment #4)
> > Personally, I would flag this INVALID.
> 
> In addition, dumping messages to /dev/tty is just plain wrong.
> 
> I run some nightly builds from cron, and redirect their stdout/stderr.
> 
> Recently I discovered that if I run the same build by hand, I get several error
> messages in my terminal. I have *no clue* which commands they are coming from.
> They are *not* useful.

The idea here is that libc doesn't leak private information to log files which
might be accessible by people on the box that you wouldn't want to know just
succeeded in a specific kind of memory corruption or buffer overflow or
whatever.

From a security standpoint this is probably a good thing.

> (Now that I looked at __libc_message, I am going to set LIBC_FATAL_STDERR_ in
> the environment to direct them back to stderr.)

This is fine too, but glibc should make sure stderr really is stderr.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
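
Added example, not part of the original message and not glibc code: an application-side startup guard for the concern raised in the comment above, that descriptor 2 may not be the process's real stderr. It plugs any closed descriptor among 0, 1 and 2 with /dev/null so a file opened later can never land on fd 2 and receive diagnostics; `fd_is_open` and `ensure_std_fds` are hypothetical names, and the code assumes single-threaded startup and that /dev/null exists.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Return 1 if fd refers to an open file description, 0 if it is closed. */
static int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
}

/*
 * Hypothetical startup guard (the name is an assumption, not a glibc API).
 * Plug every closed descriptor among 0, 1, 2 with /dev/null so that a later
 * open() in this process can never be handed fd 2 and then receive text
 * meant for stderr. Returns how many descriptors were plugged, -1 on error.
 * Must run before other threads exist: it relies on open() returning the
 * lowest free descriptor.
 */
static int ensure_std_fds(void)
{
    int plugged = 0;

    for (int fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++) {
        if (fd_is_open(fd))
            continue;
        int got = open("/dev/null", O_RDWR);
        if (got == -1)
            return -1;
        if (got != fd) {        /* not expected when single-threaded */
            close(got);
            return -1;
        }
        plugged++;
    }
    return plugged;
}

int main(void)
{
    int plugged = ensure_std_fds();
    if (plugged < 0)
        return 1;
    /* From here on, a write to STDERR_FILENO cannot hit an unrelated file
       opened later by this process. */
    fprintf(stderr, "plugged %d standard descriptor(s)\n", plugged);
    return 0;
}
```

The guard only guarantees that fd 2 is occupied; it cannot tell whether a descriptor inherited from the parent is the stream the user expects.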

