This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
On Thu, Jun 29, 2017 at 3:05 PM, Florian Weimer <fweimer@redhat.com> wrote:
> On 06/26/2017 02:57 PM, Andreas Schwab wrote:
>> On Jun 26 2017, Florian Weimer <fweimer@redhat.com> wrote:
>>
>>> The goal is to prevent massaging the heap through LD_AUDIT variable
>>> contents. So it's purely hardening.
>>
>> Why is that needed?
>
> I'm not sure if it is needed. I am not an experienced exploit writer.
>
> I assume you want me to apply something like the attached patch, right?
I am not an experienced exploit writer either, and I don't know this
code at all, but as a matter of principle, I do not think you should
make any changes until Andreas actually explains his concerns in
_detail_. One-sentence cryptic questions, at a rate of one per email,
are not proper code review.
zw