This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007]
- From: Florian Weimer <fw at deneb dot enyo dot de>
- To: Andreas Schwab <schwab at suse dot de>
- Cc: libc-alpha at sourceware dot org
- Date: Wed, 25 Mar 2015 14:10:03 +0100
- Subject: Re: [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007]
- Authentication-results: sourceware.org; auth=none
- References: <54EB120A dot 1010202 at redhat dot com> <5506F010 dot 1090608 at redhat dot com> <mvmlhil1n5g dot fsf at hawking dot suse dot de> <871tkdtg89 dot fsf at mid dot deneb dot enyo dot de> <mvmbnjh1c3v dot fsf at hawking dot suse dot de> <87wq25s0dh dot fsf at mid dot deneb dot enyo dot de> <mvm7fu51b3r dot fsf at hawking dot suse dot de>
* Andreas Schwab:
> Florian Weimer <fw@deneb.enyo.de> writes:
>
>> Maybe. But we cannot remove the old API (there are external NSS
>> modules, after all). Therefore, such a change would only increase
>> complexity.
>
> There is no way around.
Andreas, your discussion style is really unhelpful. You only post
one-line oblique assertions. I have to guess what you actually mean.
I certainly value your expertise and input, but this is now too
frustrating to keep going.
>> Ahem, I think the commit message of my patch explains this quite
>> clearly. The code Ulrich added to deal with this corner case didn't
>> work as intended because a flag was not set correctly.
>
> Since it doesn't fix the bug, it doesn't make sense.
It fixes the bug for all the nss_files back end, and this has been
verified by multiple people. The fix also matches my root cause
analysis (included in the commit message). If you think this analysis
is wrong and fails to explain why Ulrich's original attempt to fix
this bug didn't work, please point out precisely where my reasoning
goes off thhe tracks.