This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: Implement C11 annex K?


On Thu, Aug 14, 2014 at 12:12:59PM +0200, Andreas Schwab wrote:
> Florian Weimer <fweimer@redhat.com> writes:
> 
> > On 08/14/2014 12:02 PM, Andreas Schwab wrote:
> >> Florian Weimer <fweimer@redhat.com> writes:
> >>
> >>> Here's a security bug which resulted from the incorrect use of strlcpy:
> >>>
> >>>    <http://www.samba.org/samba/security/CVE-2014-3560>
> >>>    <https://git.samba.org/?p=samba.git;a=commitdiff;h=e6a848630d>
> >>
> >> This only proves that strlcpy isn't any better at preventing security
> >> bugs.
> >
> > It also shows that there is a real cost to not providing strlcpy in glibc.
> 
> No, you got it backwards.  Had samba used the standard string functions
> it would have been "protected" by fortification.  Of course,
> fortification is just a workaround for sloppy programming anyway.

Except that we don't have any control over what Samba does, much less
any control over what every single broken app out there does. Unless
you want to go audit them all, file bug reports, and work through the
fights with their maintainers to get them to fix things, the practical
way to improve security is to provide a correct, fortify-compatible
strlcpy/strlcat in glibc so that these bugs can be caught
automatically. That's something the glibc team _can_ actually do.

Rich
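
One way the fortify-compatible strlcpy argued for above could catch a bad size argument, as an added example that is not part of the original message and not glibc code. `demo_strlcpy`, `demo_strlcpy_chk` and `DEMO_STRLCPY` are hypothetical names, and the oversized size argument is an assumed form of misuse, not taken from the Samba fix.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* strlcpy semantics under a hypothetical name, so it cannot clash with libc:
   copy at most size-1 bytes, always terminate, return strlen(src). */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size != 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Fortify-style guard (hypothetical): objsize is what the compiler knows
   about dst, or (size_t)-1 when unknown. Returns -1 without writing when the
   caller's size cannot fit; a real _chk function would abort instead. */
static int demo_strlcpy_chk(char *dst, const char *src, size_t size,
                            size_t objsize, size_t *srclen)
{
    if (objsize != (size_t)-1 && size > objsize)
        return -1;
    *srclen = demo_strlcpy(dst, src, size);
    return 0;
}

/* The compiler supplies the destination size, so callers change nothing. */
#define DEMO_STRLCPY(dst, src, size, srclen) \
    demo_strlcpy_chk((dst), (src), (size), __builtin_object_size((dst), 1), (srclen))

int main(void)
{
    char name[8];                       /* constructed sample buffer */
    const char *input = "a-much-longer-constructed-input";
    size_t n = 0;

    /* Correct call: size matches the buffer, so the copy is truncated. */
    int ok = DEMO_STRLCPY(name, input, sizeof name, &n);
    printf("ok=%d copied=\"%s\" wanted=%zu\n", ok, name, n);

    /* Wrong size (assumed misuse), with objsize passed explicitly so the
       demo stays safe: the guard refuses before any byte is written. */
    int bad = demo_strlcpy_chk(name, input, 64, sizeof name, &n);
    printf("bad=%d\n", bad);
    return 0;
}
```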

