This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Linux: Add fortify wrapper for getdents64

From: Wilco Dijkstra <Wilco dot Dijkstra at arm dot com>
To: Florian Weimer <fweimer at redhat dot com>, "libc-alpha at sourceware dot org" <libc-alpha at sourceware dot org>
Cc: nd <nd at arm dot com>
Date: Fri, 21 Jun 2019 11:39:43 +0000
Subject: Re: [PATCH] Linux: Add fortify wrapper for getdents64

Hi,

Do we really need to add to this broken feature? The fortify feature should have
been retired decades ago, it's not useful or secure at all.

If we actually want to detect buffer overflows the correct approach is to add
runtime checks in GCC as that's the place where you have the right info about
variables and array sizes. The current implementation is completely broken
in that it doesn't do buffer overflow checks even in the most trivial cases, and
fails to inline or optimize checks. It just adds duplicate entry points which are
inefficient and are mostly unused... (and you get people adding ifuncs for them
functions just for fun)

Wilco

Follow-Ups:
- Re: [PATCH] Linux: Add fortify wrapper for getdents64
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]