This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] Linux: Add fortify wrapper for getdents64
- From: Wilco Dijkstra <Wilco dot Dijkstra at arm dot com>
- To: Florian Weimer <fweimer at redhat dot com>, "libc-alpha at sourceware dot org" <libc-alpha at sourceware dot org>
- Cc: nd <nd at arm dot com>
- Date: Fri, 21 Jun 2019 11:39:43 +0000
- Subject: Re: [PATCH] Linux: Add fortify wrapper for getdents64
Hi,
Do we really need to add to this broken feature? The fortify feature should have
been retired decades ago; it's not useful or secure at all.
If we actually want to detect buffer overflows the correct approach is to add
runtime checks in GCC as that's the place where you have the right info about
variables and array sizes. The current implementation is completely broken
in that it doesn't do buffer overflow checks even in the most trivial cases, and
fails to inline or optimize checks. It just adds duplicate entry points which are
inefficient and are mostly unused... (and you get people adding ifuncs for those
functions just for fun)
Wilco