This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: FD_SET and FORTIFY_SOURCE
- From: KOSAKI Motohiro <kosaki dot motohiro at gmail dot com>
- To: libc-alpha <libc-alpha at sourceware dot org>
- Cc: Motohiro KOSAKI <kosaki dot motohiro at gmail dot com>
- Date: Sun, 24 Mar 2013 16:17:40 -0400
- Subject: Re: FD_SET and FORTIFY_SOURCE
- References: <512F0CC6 dot 8080302 at redhat dot com> <20130228134139 dot GL20323 at brightrain dot aerifal dot cx> <512F84B2 dot 1000501 at redhat dot com> <512FCFD0 dot 5050108 at gmail dot com>
> I think the current __FD_ELT is the right implementation. It only fails when the passed argument is not
> dynamically allocated.
Ugh. I was wrong. The current __FD_ELT is not correct. I received a bug
report that this feature makes an invalid program abort when running Ruby on
Ubuntu, because Ruby uses the howmany macro and allocates fd_set from the heap,
and Ubuntu enables _FORTIFY_SOURCE=2 by default.
https://github.com/ruby/ruby/blob/ruby_1_9_3/thread.c#L2347
There is an unfortunate conflict here. glibc's __FD_ELT checks POSIX
validity, not Linux validity. Linux has supported fd numbers >1024 since
Linux 2.2.12 (about 15 years ago).
As far as I could tell from skimming Debian Code Search, su, rsyslog, ssh and
several other BSD-derived programs use the same technique. I think the current
situation is dangerous, and I believe we shouldn't break existing software in
the real world.
Side note: status of POSIX and other OSes
POSIX:
  > [EINVAL] The nfds argument is less than 0 or greater than FD_SETSIZE.
  http://pubs.opengroup.org/onlinepubs/007908775/xsh/select.html
*BSD, HP-UX:
  Ignore POSIX and support allocating fd_set from the heap.
  http://netbsd.gw.com/cgi-bin/man-cgi?select++NetBSD-4.0
  http://www.openbsd.org/cgi-bin/man.cgi?query=select&manpath=OpenBSD+4.4
  http://h20000.www2.hp.com/bc/docs/support/SupportManual/c02267349/c02267349.pdf
Mac OS X:
  Returns EINVAL when >FD_SETSIZE and _DARWIN_UNLIMITED_SELECT
  is not defined, i.e. every practical application turns on
  _DARWIN_UNLIMITED_SELECT.
Solaris:
  select returns EINVAL when >FD_SETSIZE. Instead, it provides
  select_large_fdset(),
  i.e. applications do #define select(n, r, w, e, t)
  select_large_fdset((n), (r), (w), (e), (t)).
So, there are several options.
1. Only turn on the __FD_ELT check when running on Hurd.
2. Only turn on the __FD_ELT check when some specific macro is defined (e.g.
   like Darwin, but disabled by default).
2-2. Make a FORTIFY_SOURCE variant and check POSIX compliance if enabled.
3. Provide select_large_fdset() like Solaris. (I strongly don't
   recommend this. All applications would need to be modified and recompiled.)
What do you think?
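
An added example, not part of the original mail and not glibc or Ruby code: a heap-allocated descriptor bitmap sized with a howmany-style macro, whose set/test helpers bound the index by the actual allocation rather than by FD_SETSIZE. All names (`big_fdset`, `HOWMANY`, `WORD_BITS`, `posix_fd_in_range`) are hypothetical, and the bitmap layout is assumed to match glibc's fd_set (an array of long masks).

```c
#include <limits.h>
#include <stdlib.h>
#include <sys/select.h>

/* Hypothetical helpers; assumes fd_set is an array of long bitmasks (glibc layout). */
#define WORD_BITS (sizeof(unsigned long) * CHAR_BIT)
#define HOWMANY(x, y) (((x) + (y) - 1) / (y))

struct big_fdset {
    int nfds;            /* descriptors the heap buffer can hold */
    unsigned long *bits; /* heap-allocated bitmap, at least sizeof(fd_set) bytes */
};

/* Allocate room for fds 0..nfds-1, never smaller than one fd_set. */
int big_fdset_init(struct big_fdset *s, int nfds)
{
    if (nfds < 0) return -1;
    size_t words = HOWMANY((size_t)nfds, WORD_BITS);
    size_t min_words = HOWMANY(sizeof(fd_set), sizeof(unsigned long));
    if (words < min_words) words = min_words;
    s->bits = calloc(words, sizeof(unsigned long));
    if (!s->bits) return -1;
    s->nfds = (int)(words * WORD_BITS);
    return 0;
}

/* Bound the index by the real allocation, not by FD_SETSIZE. */
int big_fdset_set(struct big_fdset *s, int fd)
{
    if (fd < 0 || fd >= s->nfds) return -1;
    s->bits[fd / WORD_BITS] |= 1UL << (fd % WORD_BITS);
    return 0;
}

int big_fdset_isset(const struct big_fdset *s, int fd)
{
    if (fd < 0 || fd >= s->nfds) return 0;
    return (int)((s->bits[fd / WORD_BITS] >> (fd % WORD_BITS)) & 1UL);
}

/* POSIX-style bound: only descriptors below FD_SETSIZE are accepted. */
int posix_fd_in_range(int fd) { return fd >= 0 && fd < FD_SETSIZE; }
```

A descriptor such as FD_SETSIZE + 7 fails the POSIX-style bound yet is a safe index into a buffer allocated for 4 * FD_SETSIZE descriptors, which is the case the fixed-size check cannot distinguish from a real overflow.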