This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH 1/4] __fdelt_chk: Removed range check
- From: Florian Weimer <fweimer at redhat dot com>
- To: KOSAKI Motohiro <kosaki dot motohiro at gmail dot com>
- Cc: libc-alpha at sourceware dot org, libc-ports at sourceware dot org
- Date: Fri, 12 Apr 2013 09:42:20 +0200
- Subject: Re: [PATCH 1/4] __fdelt_chk: Removed range check
- References: <1365744803-19197-1-git-send-email-kosaki dot motohiro at gmail dot com> <1365744803-19197-2-git-send-email-kosaki dot motohiro at gmail dot com>
On 04/12/2013 07:33 AM, KOSAKI Motohiro wrote:
+strong_alias (__fdelt_nochk, __fdelt_chk)
+strong_alias (__fdelt_nochk, __fdelt_warn)
This change (which disables checking for existing compiled binaries)
seems the wrong thing to do to me.
I tend to agree that it might make sense to make fd_set fortification
optional, but it should be enabled by default. Could you please change
your patch so that it performs the checking by default, and preserves
checking for applications which were compiled against pre-2.18 versions?
By the way, if you see crashes with Qt, we have a patch which replaces
select with poll (qt-4.8-poll.patch in Fedora). We tried to upstream
it, but no luck so far.
--
Florian Weimer / Red Hat Product Security Team