This is the mail archive of the
mailing list for the glibc project.
Re: [bug-gettext] intl: Proof against invalid offset/length
- From: Florian Weimer <fweimer at redhat dot com>
- To: Daiki Ueno <ueno at gnu dot org>, "Carlos O'Donell" <carlos at redhat dot com>
- Cc: Bruno Haible <bruno at clisp dot org>, bug-gettext at gnu dot org, Jakub Wilk <jwilk at debian dot org>, libc-alpha at sourceware dot org
- Date: Fri, 20 Mar 2015 10:10:09 +0100
- Subject: Re: [bug-gettext] intl: Proof against invalid offset/length
- Authentication-results: sourceware.org; auth=none
- References: <m3oao06pj3 dot fsf-ueno at gnu dot org> <54FFE323 dot 4000704 at redhat dot com> <5962708 dot Sqr89sjBty at linuix dot haible dot de> <5502F437 dot 5060405 at redhat dot com> <5502F4C9 dot 8050304 at redhat dot com> <m3sid0eaup dot fsf-ueno at gnu dot org>
On 03/20/2015 02:06 AM, Daiki Ueno wrote:
> I agree. Now that intl/ is almost synchronized with gettext, what's
> blocking this? I'm happy to include the patch in the upcoming gettext
> release so non-glibc consumers also benefit from it.
The patch will use getauxval(AT_SECURE) or __libc_enable_secure (or
issetuugid on other systems, but which I cannot test). It is not going
to be very portable.
Florian Weimer / Red Hat Product Security