This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH v2 0/3] posix: Execute file function fixes

On 02/19/2016 11:14 AM, Adhemerval Zanella wrote:
I do not agree it is a regression since it fixes two important issues:
exec async-signal-safeness and vfork usage.

Even if a change makes improvements in some ways, the change can still be a regression in other ways. The proposed change plainly has such regressions.

the vector of attack might be limited

Agreed. Still, the vector is there.

The current '__libc_use_alloca' is a fragile and arbitrary stack control flow and since it does not track total stack usage against runtime imposed limit it does not add anything related to security.

Certainly __libc_use_alloca is an imperfect mechanism. However, if code touches buffers before going past them, __libc_use_alloca results in reliable stack overflow protection in the common case where sufficiently-large guard pages are at the top of the stack. So it's an exaggeration to say that __libc_use_alloca adds nothing to security.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]