This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
On 06/29/2017 09:56 PM, Zack Weinberg wrote:
> On Thu, Jun 29, 2017 at 3:05 PM, Florian Weimer <fweimer@redhat.com> wrote:
>> On 06/26/2017 02:57 PM, Andreas Schwab wrote:
>>> On Jun 26 2017, Florian Weimer <fweimer@redhat.com> wrote:
>>>
>>>> The goal is to prevent massaging the heap through LD_AUDIT variable
>>>> contents. So it's purely hardening.
>>>
>>> Why is that needed?
>>
>> I'm not sure if it is needed. I am not an experienced exploit writer.
>>
>> I assume you want me to apply something like the attached patch, right?
>
> I am not an experienced exploit writer either, and I don't know this
> code at all, but as a matter of principle, I do not think you should
> make any changes until Andreas actually explains his concerns in
> _detail_. One-sentence cryptic questions, at a rate of one per email,
> are not proper code review.
To be fair, the original patch went in without much review on
libc-alpha, too.
Florian