This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements

From: Zack Weinberg <zackw at panix dot com>
To: Florian Weimer <fweimer at redhat dot com>
Cc: Andreas Schwab <schwab at suse dot de>, GNU C Library <libc-alpha at sourceware dot org>
Date: Thu, 29 Jun 2017 15:56:22 -0400
Subject: Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
Authentication-results: sourceware.org; auth=none
References: <20170619161345.7CC73402AEC3E@oldenburg.str.redhat.com> <mvmzicvp23k.fsf@suse.de> <54c5074e-8b7c-7b3b-e5b1-02ee18a7cabe@redhat.com> <mvmvanjozna.fsf@suse.de> <50beae35-82bd-ae09-064d-676fd26fc1c0@redhat.com> <mvmr2y7ozbe.fsf@suse.de> <6701f70e-f623-ef1a-1ef2-a4d47d7e11b0@redhat.com> <mvmh8z3ovuz.fsf@suse.de> <a9ad64ea-f91e-e494-92a0-35b706f5d107@redhat.com> <mvmd19rou5j.fsf@suse.de> <6fb6263e-6653-8f87-2aa6-e2b32437be94@redhat.com> <mvm7ezyq53c.fsf@suse.de> <34b57a2e-356b-3a92-1403-e6d16529b0eb@redhat.com>

On Thu, Jun 29, 2017 at 3:05 PM, Florian Weimer <fweimer@redhat.com> wrote:
> On 06/26/2017 02:57 PM, Andreas Schwab wrote:
>> On Jun 26 2017, Florian Weimer <fweimer@redhat.com> wrote:
>>
>>> The goal is to prevent massaging the heap through LD_AUDIT variable
>>> contents.  So it's purely hardening.
>>
>> Why is that needed?
>
> I'm not sure if it is needed.  I am not an experienced exploit writer.
>
> I assume you want me to apply something like the attached patch, right?

I am not an experienced exploit writer either, and I don't know this
code at all, but as a matter of principle, I do not think you should
make any changes until Andreas actually explains his concerns in
_detail_.  One-sentence cryptic questions, at a rate of one per email,
are not proper code review.

zw

Follow-Ups:
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Florian Weimer

References:
- [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Florian Weimer
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Andreas Schwab
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Florian Weimer
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Andreas Schwab
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Florian Weimer
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Andreas Schwab
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Florian Weimer
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Andreas Schwab
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Florian Weimer
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Andreas Schwab
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Florian Weimer
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Andreas Schwab
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]